Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363658371.000000000044C000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.367143979.000000000044C000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06 |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.entrust.net/2048ca.crl0 |
Source: WerFault.exe, 0000000A.00000002.367143979.00000000003CF000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363658371.00000000003C2000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.entrust.net/server1.crl0 |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.globalsign.net/root-r2.crl0 |
Source: lsass.exe, 00000011.00000000.343011330.0000000001220000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pki.goog/gsr1/gsr1.crl0; |
Source: lsass.exe, 00000011.00000002.606687725.0000000001220000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.000000000122E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.0000000001220000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pki.goog/gtsr1/gtsr1.crl0W |
Source: WerFault.exe, 0000000A.00000002.375602362.00000000039FE000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 |
Source: lsass.exe, 00000011.00000002.606687725.0000000001220000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.000000000122E000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://crls.pki.goog/gts1c3/moVDfISia2k.crl0 |
Source: explorer.exe, 0000001F.00000002.602714101.00000000001D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.349660283.00000000001D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://java.sun.com |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0 |
Source: WerFault.exe, 0000000A.00000003.363658371.000000000044C000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.367143979.000000000044C000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0% |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0- |
Source: WerFault.exe, 0000000A.00000003.363658371.000000000044C000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.367143979.000000000044C000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com0/ |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A41000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.comodoca.com05 |
Source: WerFault.exe, 0000000A.00000002.367143979.00000000003CF000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363658371.00000000003C2000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.entrust.net03 |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.entrust.net0D |
Source: lsass.exe, 00000011.00000000.343011330.0000000001220000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.pki.goog/gsr10) |
Source: lsass.exe, 00000011.00000002.606687725.0000000001220000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.000000000122E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.342781591.000000000022B000.00000004.00000020.00020000.00000000.sdmp, lsass.exe, 00000011.00000002.603202980.000000000022B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.pki.goog/gts1c301 |
Source: lsass.exe, 00000011.00000002.606687725.0000000001220000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.000000000122E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.0000000001220000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.pki.goog/gtsr100 |
Source: lsass.exe, 00000011.00000000.343011330.0000000001220000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://pki.goog/gsr1/gsr1.crt02 |
Source: lsass.exe, 00000011.00000002.606687725.0000000001220000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.000000000122E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.342781591.000000000022B000.00000004.00000020.00020000.00000000.sdmp, lsass.exe, 00000011.00000002.603202980.000000000022B000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://pki.goog/repo/certs/gts1c3.der0 |
Source: lsass.exe, 00000011.00000002.606687725.0000000001220000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.000000000122E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.0000000001220000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://pki.goog/repo/certs/gtsr1.der04 |
Source: svchost.exe, 00000016.00000000.345782413.0000000001FFC000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000016.00000002.605131595.0000000001FFC000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.com/win/2004/08/events |
Source: svchost.exe, 00000019.00000000.346998279.0000000001FD6000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000019.00000002.608643399.0000000001FD6000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://schemas.micro |
Source: explorer.exe, 0000001F.00000002.602714101.00000000001D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.349660283.00000000001D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.autoitscript.com/autoit3 |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com.my/cps.htm02 |
Source: WerFault.exe, 0000000A.00000002.375602362.00000000039FE000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0 |
Source: explorer.exe, 0000001F.00000002.606706574.0000000003DB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350381000.0000000003DB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350097876.000000000260E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000002.608288265.0000000007AE8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350702735.0000000007AE8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000002.606706574.0000000003E98000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350381000.0000000003E98000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000002.604991513.000000000260E000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.piriform.com/ccleaner |
Source: explorer.exe, 0000001F.00000002.606706574.0000000003DB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350381000.0000000003DB1000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350097876.000000000260E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000002.608288265.0000000007AE8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350702735.0000000007AE8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000002.606706574.0000000003E98000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.350381000.0000000003E98000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000002.604991513.000000000260E000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv |
Source: explorer.exe, 0000001F.00000000.350097876.000000000260E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 0000001F.00000002.604991513.000000000260E000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: http://www.piriform.com/ccleanerxe |
Source: lsass.exe, 00000011.00000002.606687725.0000000001220000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.000000000122E000.00000004.00000001.00020000.00000000.sdmp, lsass.exe, 00000011.00000000.343011330.0000000001220000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://pki.goog/repository/0 |
Source: WerFault.exe, 0000000A.00000002.376314972.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A41000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363658371.000000000044C000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.367143979.000000000044C000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000002.376314972.0000000003A63000.00000004.00000001.00020000.00000000.sdmp, WerFault.exe, 0000000A.00000003.363740029.0000000003A63000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://secure.comodo.com/CPS0 |
Source: explorer.exe, 0000001F.00000002.602714101.00000000001D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.349660283.00000000001D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://support.mozilla.org |
Source: svchost.exe, 00000018.00000002.603627532.0000000002668000.00000004.00000001.00020000.00000000.sdmp, svchost.exe, 00000018.00000000.346476637.0000000002668000.00000004.00000001.00020000.00000000.sdmp |
String found in binary or memory: https://update.googleapis.com/service/update2?cup2key=13:9PlIcYzJ7FuPKbYwS8xEdZ3KAlYn7hgULJcTQTtHhro |
Source: explorer.exe, 0000001F.00000002.602714101.00000000001D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.349660283.00000000001D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org |
Source: explorer.exe, 0000001F.00000002.602714101.00000000001D6000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 0000001F.00000000.349660283.00000000001D6000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.mozilla.org/firefox/52.0.1/releasenotes |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_005728C8 NtEnumerateValueKey,NtEnumerateValueKey, |
0_2_005728C8 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D6E460 NtUnmapViewOfSection, |
0_2_000007FE93D6E460 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D6FEF4 NtUnmapViewOfSection, |
0_2_000007FE93D6FEF4 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D6FE1A NtUnmapViewOfSection, |
0_2_000007FE93D6FE1A |
Source: C:\Windows\explorer.exe |
Code function: 2_2_0000000140001394 NtAlpcConnectPort, |
2_2_0000000140001394 |
Source: C:\Windows\System32\dialer.exe |
Code function: 3_2_00000001400010C0 OpenProcess,OpenProcess,K32GetModuleFileNameExW,PathFindFileNameW,lstrlenW,StrCpyW,CloseHandle,StrCmpIW,NtQueryInformationProcess,OpenProcessToken,GetTokenInformation,GetLastError,LocalAlloc,GetTokenInformation,GetSidSubAuthorityCount,GetSidSubAuthority,LocalFree,CloseHandle,StrStrA,VirtualAllocEx,WriteProcessMemory,NtCreateThreadEx,WaitForSingleObject,GetExitCodeThread,CloseHandle,CloseHandle, |
3_2_00000001400010C0 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001F2244 GetProcessIdOfThread,GetCurrentProcessId,CreateFileW,WriteFile,ReadFile,CloseHandle,NtResumeThread, |
6_2_001F2244 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001F2330 NtQueryDirectoryFile,GetFileType,StrCpyW, |
6_2_001F2330 |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_02482244 GetProcessIdOfThread,GetCurrentProcessId,CreateFileW,WriteFile,ReadFile,CloseHandle,NtResumeThread, |
10_2_02482244 |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_02482330 NtQueryDirectoryFile,GetFileType,StrCpyW, |
10_2_02482330 |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_0248202C NtQuerySystemInformation,StrCmpNIW, |
10_2_0248202C |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_009828C8 NtEnumerateValueKey,NtEnumerateValueKey, |
12_2_009828C8 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_001628C8 NtEnumerateValueKey,NtEnumerateValueKey, |
13_2_001628C8 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_00162244 GetProcessIdOfThread,GetCurrentProcessId,CreateFileW,WriteFile,ReadFile,CloseHandle,NtResumeThread, |
13_2_00162244 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_00162B2C NtDeviceIoControlFile,GetModuleHandleA,GetProcAddress,StrCmpNIW,lstrlenW,lstrlenW, |
13_2_00162B2C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_0028202C NtQuerySystemInformation,StrCmpNIW, |
16_2_0028202C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002828C8 NtEnumerateValueKey,NtEnumerateValueKey, |
16_2_002828C8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_00282244 GetProcessIdOfThread,GetCurrentProcessId,CreateFileW,WriteFile,ReadFile,CloseHandle,NtResumeThread, |
16_2_00282244 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_00282B2C NtDeviceIoControlFile,GetModuleHandleA,GetProcAddress,StrCmpNIW,lstrlenW,lstrlenW, |
16_2_00282B2C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64BC40 GetCommandLineW,PathGetArgsW,GetCurrentProcess,NtQueryInformationProcess,memset,#155, |
16_2_FF64BC40 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63FD40 ResumeThread,GetPriorityClass,GetLastError,NtQueryInformationProcess,NtQueryInformationProcess,AssignProcessToJobObject,GetLastError, |
16_2_FF63FD40 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63ED28 GetShellWindow,CoCreateInstance,CreateEventW,SetEvent,memset,NtSetSystemInformation,GetCurrentThreadId,SetTimer, |
16_2_FF63ED28 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF696DE0 SetPriorityClass,GetLastError,NtSetInformationProcess,NtSetInformationProcess, |
16_2_FF696DE0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64A550 NtOpenThreadToken,NtOpenProcessToken,NtQueryInformationToken,NtQueryInformationToken,NtClose,NtQueryInformationToken, |
16_2_FF64A550 |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_009C202C NtQuerySystemInformation,StrCmpNIW, |
17_2_009C202C |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_002628C8 NtEnumerateValueKey,NtEnumerateValueKey, |
19_2_002628C8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 22_2_014A202C NtQuerySystemInformation,StrCmpNIW, |
22_2_014A202C |
Source: C:\Windows\System32\svchost.exe |
Code function: 25_2_00C62330 NtQueryDirectoryFile,GetFileType,StrCpyW, |
25_2_00C62330 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: RegisterTraceGuidsW,RegDeleteKeyExW,GetCurrentProcess,SetPriorityClass,SystemParametersInfoW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,RegCreateKeyW,CreateMutexW,WaitForSingleObject,#899,#188,SetProcessShutdownParameters,PeekMessageW,WaitForSingleObject,CloseHandle,OleInitialize,CoCreateInstance,#660,SHGetValueW,GetUserDefaultUILanguage,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,GetSystemMetrics,CreateEventW,GetSystemMetrics,#885,CloseHandle,RegQueryValueExW,RegSetValueExW,#110,SHCreateThreadRef,SHSetThreadRef,#176,ReleaseMutex,CloseHandle,PostMessageW,#16,GetCurrentProcess,SetPriorityClass,RegisterApplicationRestart,CoCreateInstance,#201,ReleaseMutex,CloseHandle,GetCurrentProcess,SetPriorityClass,memset,SHGetKnownFolderIDList,ShellExecuteExW,#155,memset,GetCommandLineW,PathGetArgsW,CoCreateInstance,CoCreateInstance,CoCreateInstance,memset,GetStartupInfoW,#155,LoadLibraryW,GetProcAddress,FreeLibrary,SHSetThreadRef,GetMessageW,TranslateMessage,DispatchMessageW,RegSetValueExW,#111,OleUninitialize,#188,GetCommandLineW,PathGetArgsW,#158,#10,UnregisterTraceGuids,ExitProcess, CleanShutdown |
16_2_FF64020C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: RegisterTraceGuidsW,RegDeleteKeyExW,GetCurrentProcess,SetPriorityClass,SystemParametersInfoW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,RegCreateKeyW,CreateMutexW,WaitForSingleObject,#899,#188,SetProcessShutdownParameters,PeekMessageW,WaitForSingleObject,CloseHandle,OleInitialize,CoCreateInstance,#660,SHGetValueW,GetUserDefaultUILanguage,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,GetSystemMetrics,CreateEventW,GetSystemMetrics,#885,CloseHandle,RegQueryValueExW,RegSetValueExW,#110,SHCreateThreadRef,SHSetThreadRef,#176,ReleaseMutex,CloseHandle,PostMessageW,#16,GetCurrentProcess,SetPriorityClass,RegisterApplicationRestart,CoCreateInstance,#201,ReleaseMutex,CloseHandle,GetCurrentProcess,SetPriorityClass,memset,SHGetKnownFolderIDList,ShellExecuteExW,#155,memset,GetCommandLineW,PathGetArgsW,CoCreateInstance,CoCreateInstance,CoCreateInstance,memset,GetStartupInfoW,#155,LoadLibraryW,GetProcAddress,FreeLibrary,SHSetThreadRef,GetMessageW,TranslateMessage,DispatchMessageW,RegSetValueExW,#111,OleUninitialize,#188,GetCommandLineW,PathGetArgsW,#158,#10,UnregisterTraceGuids,ExitProcess, CleanShutdown |
16_2_FF64020C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: RegisterTraceGuidsW,RegDeleteKeyExW,GetCurrentProcess,SetPriorityClass,SystemParametersInfoW,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,RegCreateKeyW,CreateMutexW,WaitForSingleObject,#899,#188,SetProcessShutdownParameters,PeekMessageW,WaitForSingleObject,CloseHandle,OleInitialize,CoCreateInstance,#660,SHGetValueW,GetUserDefaultUILanguage,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,SHGetSpecialFolderPathW,GetSystemMetrics,CreateEventW,GetSystemMetrics,#885,CloseHandle,RegQueryValueExW,RegSetValueExW,#110,SHCreateThreadRef,SHSetThreadRef,#176,ReleaseMutex,CloseHandle,PostMessageW,#16,GetCurrentProcess,SetPriorityClass,RegisterApplicationRestart,CoCreateInstance,#201,ReleaseMutex,CloseHandle,GetCurrentProcess,SetPriorityClass,memset,SHGetKnownFolderIDList,ShellExecuteExW,#155,memset,GetCommandLineW,PathGetArgsW,CoCreateInstance,CoCreateInstance,CoCreateInstance,memset,GetStartupInfoW,#155,LoadLibraryW,GetProcAddress,FreeLibrary,SHSetThreadRef,GetMessageW,TranslateMessage,DispatchMessageW,RegSetValueExW,#111,OleUninitialize,#188,GetCommandLineW,PathGetArgsW,#158,#10,UnregisterTraceGuids,ExitProcess, CleanShutdown |
16_2_FF64020C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: GetWindowsDirectoryW,PathCombineW,memset,ShellExecuteExW, /Reboot Shutdown |
16_2_FF698DE8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF621364 DefWindowProcW,#479,SetLastError,EnumChildWindows,#158,#158,BeginPaint,PostMessageW,GetClientRect,IsCompositionActive,#197,DrawThemeBackground,#8,#9,#10,PostMessageW,SendMessageW,PostMessageW,SendMessageW,SendMessageW,#479,LoadCursorW,SetCursor,UpdateWindow,GetClientRect,GetClipBox,IsCompositionActive,#197,DrawThemeBackground,EndPaint,#4,EnumDisplayMonitors,EnumChildWindows,EnumChildWindows,SendMessageW,#100,SendMessageW,SendMessageW,GetDoubleClickTime,TrackMouseEvent,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetTimer,LoadCursorW,SetCursor,#127,EnumDisplayMonitors,ShowWindow,ShowWindow,DestroyWindow,GetClientRect,MapWindowPoints,PtInRect,PtInRect,PtInRect,PtInRect,GetWindowRect,GetMessagePos,PtInRect,DefWindowProcW,InflateRect,SendMessageW,SendMessageW,SendMessageW,GetFocus,#204,#165,GetSystemMenu,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem,EnableMenuItem,SendMessageW,#165,KillTimer,SendMessageW,PostMessageW,SendMessageW,GetCursorPos,GetSystemMetrics,GetSystemMetrics,InflateRect,SendMessageW,SendMessageW,FillRect,MapWindowPoints,InflateRect,DrawEdge,GlobalGetAtomNameW,#190,UnregisterHotKey,#388,SetWindowPos,CoMarshalInterThreadInterfaceInStream,ExitWindowsEx,PostMessageW,PostMessageW, |
16_2_FF621364 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_0054D0E0 |
0_2_0054D0E0 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_005538A8 |
0_2_005538A8 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_00541F2C |
0_2_00541F2C |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_0057DCE0 |
0_2_0057DCE0 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_005844A8 |
0_2_005844A8 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_00572B2C |
0_2_00572B2C |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D5FC20 |
0_2_000007FE93D5FC20 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D6A3C5 |
0_2_000007FE93D6A3C5 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D5A9B0 |
0_2_000007FE93D5A9B0 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D5A9B8 |
0_2_000007FE93D5A9B8 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D5D8C9 |
0_2_000007FE93D5D8C9 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D667DA |
0_2_000007FE93D667DA |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D55EDC |
0_2_000007FE93D55EDC |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D606E0 |
0_2_000007FE93D606E0 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D54670 |
0_2_000007FE93D54670 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D5DD58 |
0_2_000007FE93D5DD58 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D6BD38 |
0_2_000007FE93D6BD38 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D6CCEE |
0_2_000007FE93D6CCEE |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D6220A |
0_2_000007FE93D6220A |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D510D0 |
0_2_000007FE93D510D0 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D51098 |
0_2_000007FE93D51098 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D69E84 |
0_2_000007FE93D69E84 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93E50E25 |
0_2_000007FE93E50E25 |
Source: C:\Windows\explorer.exe |
Code function: 2_2_0000000140003B30 |
2_2_0000000140003B30 |
Source: C:\Windows\System32\dialer.exe |
Code function: 3_2_000000014000226C |
3_2_000000014000226C |
Source: C:\Windows\System32\dialer.exe |
Code function: 3_2_00000001400014D8 |
3_2_00000001400014D8 |
Source: C:\Windows\System32\dialer.exe |
Code function: 3_2_0000000140002560 |
3_2_0000000140002560 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001D38A8 |
6_2_001D38A8 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001CD0E0 |
6_2_001CD0E0 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001C1F2C |
6_2_001C1F2C |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_002044A8 |
6_2_002044A8 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001FDCE0 |
6_2_001FDCE0 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001F2B2C |
6_2_001F2B2C |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_02482B2C |
10_2_02482B2C |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_0248DCE0 |
10_2_0248DCE0 |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_024944A8 |
10_2_024944A8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_009638A8 |
12_2_009638A8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_0095D0E0 |
12_2_0095D0E0 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_00951F2C |
12_2_00951F2C |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_009944A8 |
12_2_009944A8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_0098DCE0 |
12_2_0098DCE0 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_00982B2C |
12_2_00982B2C |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_001438A8 |
13_2_001438A8 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_0013D0E0 |
13_2_0013D0E0 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_00131F2C |
13_2_00131F2C |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_00162B2C |
13_2_00162B2C |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_001744A8 |
13_2_001744A8 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_0016DCE0 |
13_2_0016DCE0 |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_001E38A8 |
15_2_001E38A8 |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_001DD0E0 |
15_2_001DD0E0 |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_001D1F2C |
15_2_001D1F2C |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_002144A8 |
15_2_002144A8 |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_0020DCE0 |
15_2_0020DCE0 |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_00202B2C |
15_2_00202B2C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_000F38A8 |
16_2_000F38A8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_000ED0E0 |
16_2_000ED0E0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_000E1F2C |
16_2_000E1F2C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_00282B2C |
16_2_00282B2C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002944A8 |
16_2_002944A8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_0028DCE0 |
16_2_0028DCE0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002D38A8 |
16_2_002D38A8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002CD0E0 |
16_2_002CD0E0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002C1F2C |
16_2_002C1F2C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_003044A8 |
16_2_003044A8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002FDCE0 |
16_2_002FDCE0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002F2B2C |
16_2_002F2B2C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF696FCC |
16_2_FF696FCC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64020C |
16_2_FF64020C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65CF70 |
16_2_FF65CF70 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF631F58 |
16_2_FF631F58 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF662F20 |
16_2_FF662F20 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF646FC0 |
16_2_FF646FC0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6C6FB8 |
16_2_FF6C6FB8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF644FBC |
16_2_FF644FBC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF69EF9C |
16_2_FF69EF9C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF655E78 |
16_2_FF655E78 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF640E24 |
16_2_FF640E24 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A9E9C |
16_2_FF6A9E9C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF652D48 |
16_2_FF652D48 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF643D54 |
16_2_FF643D54 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6C0D30 |
16_2_FF6C0D30 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF630D00 |
16_2_FF630D00 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF647DA0 |
16_2_FF647DA0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF678D90 |
16_2_FF678D90 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF631C1C |
16_2_FF631C1C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62BCCC |
16_2_FF62BCCC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF635CD0 |
16_2_FF635CD0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65DCA8 |
16_2_FF65DCA8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF641B7C |
16_2_FF641B7C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A5BE8 |
16_2_FF6A5BE8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A0BF0 |
16_2_FF6A0BF0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF636BD4 |
16_2_FF636BD4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65FBA0 |
16_2_FF65FBA0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64FBB0 |
16_2_FF64FBB0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62AB88 |
16_2_FF62AB88 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF66AB94 |
16_2_FF66AB94 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62AA70 |
16_2_FF62AA70 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF626A40 |
16_2_FF626A40 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF676A54 |
16_2_FF676A54 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF638AF0 |
16_2_FF638AF0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF652AC0 |
16_2_FF652AC0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A3ADC |
16_2_FF6A3ADC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64BAA0 |
16_2_FF64BAA0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65CAA0 |
16_2_FF65CAA0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF66EAB0 |
16_2_FF66EAB0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6C893C |
16_2_FF6C893C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF622904 |
16_2_FF622904 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6AA910 |
16_2_FF6AA910 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6439D8 |
16_2_FF6439D8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF69A81C |
16_2_FF69A81C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62A8E8 |
16_2_FF62A8E8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A88D0 |
16_2_FF6A88D0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A98A8 |
16_2_FF6A98A8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65D8B0 |
16_2_FF65D8B0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63F8B4 |
16_2_FF63F8B4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF697888 |
16_2_FF697888 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65F750 |
16_2_FF65F750 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63B75C |
16_2_FF63B75C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65E720 |
16_2_FF65E720 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF66A720 |
16_2_FF66A720 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF624708 |
16_2_FF624708 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF657708 |
16_2_FF657708 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6377D6 |
16_2_FF6377D6 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A47A8 |
16_2_FF6A47A8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63A7BC |
16_2_FF63A7BC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65A664 |
16_2_FF65A664 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62E670 |
16_2_FF62E670 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A1654 |
16_2_FF6A1654 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF623604 |
16_2_FF623604 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF646618 |
16_2_FF646618 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF66B6F0 |
16_2_FF66B6F0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64D6A0 |
16_2_FF64D6A0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65169C |
16_2_FF65169C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62F56C |
16_2_FF62F56C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6B157C |
16_2_FF6B157C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6585A0 |
16_2_FF6585A0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6215B4 |
16_2_FF6215B4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF655468 |
16_2_FF655468 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62E478 |
16_2_FF62E478 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF66C450 |
16_2_FF66C450 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63E45C |
16_2_FF63E45C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6AA434 |
16_2_FF6AA434 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62241C |
16_2_FF62241C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A24D8 |
16_2_FF6A24D8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF66B488 |
16_2_FF66B488 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63F48C |
16_2_FF63F48C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF652360 |
16_2_FF652360 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF621364 |
16_2_FF621364 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65B328 |
16_2_FF65B328 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A6334 |
16_2_FF6A6334 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF646308 |
16_2_FF646308 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF629310 |
16_2_FF629310 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6BC3E0 |
16_2_FF6BC3E0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6483A8 |
16_2_FF6483A8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64939C |
16_2_FF64939C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62C2AC |
16_2_FF62C2AC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF69B110 |
16_2_FF69B110 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63A1E8 |
16_2_FF63A1E8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62C1D0 |
16_2_FF62C1D0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62D0C8 |
16_2_FF62D0C8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65E0B0 |
16_2_FF65E0B0 |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_001038A8 |
17_2_001038A8 |
Analyst note: the six lsass.exe functions listed here (offsets ending …38A8, …D0E0, …1F2C, …44A8, …DCE0, …2B2C) match, by low-order offset, functions already listed for C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe (process 16) and recur in lsm.exe (19) and in each svchost.exe instance listed (20, 22–26). Identical code at identical offsets inside unrelated system processes is consistent with one module being injected into each of them; dump and compare the memory of these processes, not only the dropped file on disk. |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_000FD0E0 |
17_2_000FD0E0 |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_000F1F2C |
17_2_000F1F2C |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_009D44A8 |
17_2_009D44A8 |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_009CDCE0 |
17_2_009CDCE0 |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_009C2B2C |
17_2_009C2B2C |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_001C38A8 |
19_2_001C38A8 |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_001BD0E0 |
19_2_001BD0E0 |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_001B1F2C |
19_2_001B1F2C |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_002744A8 |
19_2_002744A8 |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_0026DCE0 |
19_2_0026DCE0 |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_00262B2C |
19_2_00262B2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_0068D0E0 |
20_2_0068D0E0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_006938A8 |
20_2_006938A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_00681F2C |
20_2_00681F2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_006BDCE0 |
20_2_006BDCE0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_006C44A8 |
20_2_006C44A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_006B2B2C |
20_2_006B2B2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 22_2_014ADCE0 |
22_2_014ADCE0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 22_2_014B44A8 |
22_2_014B44A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 22_2_014A2B2C |
22_2_014A2B2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 23_2_00BD44A8 |
23_2_00BD44A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 23_2_00BCDCE0 |
23_2_00BCDCE0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 23_2_00BC2B2C |
23_2_00BC2B2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 24_2_00A844A8 |
24_2_00A844A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 24_2_00A7DCE0 |
24_2_00A7DCE0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 24_2_00A72B2C |
24_2_00A72B2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 25_2_00C6DCE0 |
25_2_00C6DCE0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 25_2_00C744A8 |
25_2_00C744A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 25_2_00C62B2C |
25_2_00C62B2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_001238A8 |
26_2_001238A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_0011D0E0 |
26_2_0011D0E0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_00111F2C |
26_2_00111F2C |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_002D44A8 |
26_2_002D44A8 |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_002CDCE0 |
26_2_002CDCE0 |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_002C2B2C |
26_2_002C2B2C |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: version.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: vcruntime140_clr0400.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: ucrtbase_clr0400.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: bcrypt.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: shfolder.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: amsi.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Section loaded: amsi.dll |
Analyst note: mine327.exe also loads vcruntime140_clr0400.dll and ucrtbase_clr0400.dll (the .NET CLR's private C runtimes), so this is a managed loader; amsi.dll being loaded twice is typically the CLR invoking AMSI when assemblies are loaded. Whether AMSI actually scanned the in-memory assemblies, or was patched after loading, is not shown here — check the AMSI/ETW provider events or compare amsi.dll's scan routine bytes in the process dump against the on-disk copy. |
Source: C:\Windows\System32\dialer.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\dialer.exe |
Section loaded: ntmarta.dll |
Analyst note: dialer.exe, a phone-dialer applet with no reason to be running in this analysis, appears again below (TID 1036) executing a 917-iteration sleep loop; a dormant copy of a signed system binary is a typical host for an injected payload. ntmarta.dll is the Windows access-control (ACL / security-descriptor) provider, so its load suggests the hosted code queries or changes object permissions — the exact call is not captured in this excerpt and should be confirmed from the API trace. |
Source: C:\Windows\System32\sc.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\sc.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\svchost.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\svchost.exe |
Section loaded: faultrep.dll |
Source: C:\Windows\System32\svchost.exe |
Section loaded: wer.dll |
Source: C:\Windows\System32\svchost.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\System32\sc.exe |
Section loaded: cryptbase.dll |
Source: C:\Windows\System32\sc.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: explorerframe.dll |
Analyst note: the first ten modules loaded by this dropped file (explorerframe.dll through propsys.dll) are, in the same order, exactly the modules listed below for C:\Windows\explorer.exe. This is consistent with oapavmkbdsqp.exe being a renamed copy of explorer.exe used as an injection host rather than a purpose-built binary; compare its hash and Authenticode signature with the system's explorer.exe before treating its own code as the payload. |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: duser.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: dui70.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: uxtheme.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: powrprof.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: dwmapi.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: slc.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: secur32.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: sspicli.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: propsys.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: winsta.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: cryptbase.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: cryptsp.dll |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Section loaded: rpcrtremote.dll |
Source: C:\Windows\explorer.exe |
Section loaded: explorerframe.dll |
Source: C:\Windows\explorer.exe |
Section loaded: duser.dll |
Source: C:\Windows\explorer.exe |
Section loaded: dui70.dll |
Source: C:\Windows\explorer.exe |
Section loaded: uxtheme.dll |
Source: C:\Windows\explorer.exe |
Section loaded: powrprof.dll |
Source: C:\Windows\explorer.exe |
Section loaded: dwmapi.dll |
Source: C:\Windows\explorer.exe |
Section loaded: slc.dll |
Source: C:\Windows\explorer.exe |
Section loaded: secur32.dll |
Source: C:\Windows\explorer.exe |
Section loaded: sspicli.dll |
Source: C:\Windows\explorer.exe |
Section loaded: propsys.dll |
Source: C:\Windows\System32\svchost.exe |
Section loaded: rasapi32.dll |
Source: C:\Windows\System32\svchost.exe |
Section loaded: rasman.dll |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_0055ACDD push rcx; retf 003Fh |
0_2_0055ACDE |
Analyst note: the same `push rcx; retf 003Fh` sequence recurs at offsets ending …ACDD and …C6DD in services.exe, WerFault.exe, winlogon.exe, sc.exe, conhost.exe, the dropped oapavmkbdsqp.exe, lsass.exe, lsm.exe and several svchost.exe instances below. A far return with an immediate is not something a compiler emits, so the sequence is most likely data or packed bytes decoded as code; what matters is not the instruction but that the same bytes are mapped at the same relative offset into so many system processes, which again points to one injected image. |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_0058C6DD push rcx; retf 003Fh |
0_2_0058C6DE |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D5DD58 push eax; retf |
0_2_000007FE93D5E039 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D500BD pushad ; iretd |
0_2_000007FE93D500C1 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D51E6D pushad ; retf |
0_2_000007FE93D51E81 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93D505F5 pushad ; retf |
0_2_000007FE93D505F9 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_000007FE93E5026B push esp; retf 4810h |
0_2_000007FE93E50312 |
Source: C:\Windows\explorer.exe |
Code function: 2_2_0000000140001394 push qword ptr [000000014000A004h]; ret |
2_2_0000000140001403 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001DACDD push rcx; retf 003Fh |
6_2_001DACDE |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_0020C6DD push rcx; retf 003Fh |
6_2_0020C6DE |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_0249C6DD push rcx; retf 003Fh |
10_2_0249C6DE |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_0096ACDD push rcx; retf 003Fh |
12_2_0096ACDE |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_0099C6DD push rcx; retf 003Fh |
12_2_0099C6DE |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_0014ACDD push rcx; retf 003Fh |
13_2_0014ACDE |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_0017C6DD push rcx; retf 003Fh |
13_2_0017C6DE |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_001EACDD push rcx; retf 003Fh |
15_2_001EACDE |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_0021C6DD push rcx; retf 003Fh |
15_2_0021C6DE |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_000FACDD push rcx; retf 003Fh |
16_2_000FACDE |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_0029C6DD push rcx; retf 003Fh |
16_2_0029C6DE |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002DACDD push rcx; retf 003Fh |
16_2_002DACDE |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_0030C6DD push rcx; retf 003Fh |
16_2_0030C6DE |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_0010ACDD push rcx; retf 003Fh |
17_2_0010ACDE |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_009DC6DD push rcx; retf 003Fh |
17_2_009DC6DE |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_001CACDD push rcx; retf 003Fh |
19_2_001CACDE |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_0027C6DD push rcx; retf 003Fh |
19_2_0027C6DE |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_0069ACDD push rcx; retf 003Fh |
20_2_0069ACDE |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_006CC6DD push rcx; retf 003Fh |
20_2_006CC6DE |
Source: C:\Windows\System32\svchost.exe |
Code function: 22_2_014BC6DD push rcx; retf 003Fh |
22_2_014BC6DE |
Source: C:\Windows\System32\svchost.exe |
Code function: 23_2_00BDC6DD push rcx; retf 003Fh |
23_2_00BDC6DE |
Source: C:\Windows\System32\svchost.exe |
Code function: 24_2_00A8C6DD push rcx; retf 003Fh |
24_2_00A8C6DE |
Source: C:\Windows\System32\svchost.exe |
Code function: 25_2_00C7C6DD push rcx; retf 003Fh |
25_2_00C7C6DE |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF675F80 IsWindowVisible,IsIconic,IsWindowEnabled,GetWindowLongW,GetSystemMenu,GetMenuState, |
16_2_FF675F80 |
Analyst note: these window-management sequences (IsIconic, SwitchToThisWindow, ShowWindowAsync, SHGetKnownFolderIDList, …) sit at 0xFF6… addresses, outside the low image sections listed earlier for this process (0x000E…, 0x002…, 0x003…), and the process loads the same shell modules as explorer.exe. They are most likely Windows shell (Explorer) code that happens to be mapped in the process rather than the sample's own logic, so they should not be read as GUI-detection evasion or used as a detection basis. |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF664D94 SendMessageW,SendMessageW,GetAncestor,GetLastActivePopup,IsIconic,IsWindowEnabled,SwitchToThisWindow,IsWindowVisible,IsWindowEnabled,GetWindow,IsIconic,ShowWindowAsync, |
16_2_FF664D94 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF664D94 SendMessageW,SendMessageW,GetAncestor,GetLastActivePopup,IsIconic,IsWindowEnabled,SwitchToThisWindow,IsWindowVisible,IsWindowEnabled,GetWindow,IsIconic,ShowWindowAsync, |
16_2_FF664D94 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62ACE8 IsIconic, |
16_2_FF62ACE8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF664CFC IsWindow,IsIconic,GetForegroundWindow,ShowWindowAsync,PostMessageW, |
16_2_FF664CFC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65BB9C ShowWindow,IsIconic,SendMessageW,PostMessageW,PostMessageW,EventEnabled, |
16_2_FF65BB9C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF676530 ShowWindow,IsIconic,SendMessageW,PostMessageW,PostMessageW,IsCompositionActive, |
16_2_FF676530 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65F410 IsIconic,GetWindowLongW,IsWindowVisible, |
16_2_FF65F410 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65B328 GetMonitorInfoW,IntersectRect,SetPropW,GetModuleHandleW,LoadIconW,SendMessageW,#100,SHGetKnownFolderIDList,#155,RemovePropW,DestroyWindow,SystemParametersInfoW,OffsetRect,IsIconic,GetCurrentProcessId,SendMessageTimeoutW,GetCurrentProcessId,#8,#9,GetCurrentProcessId,#10, |
16_2_FF65B328 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65F3D3 IsIconic,GetWindowLongW, |
16_2_FF65F3D3 |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Analyst note: this is SetErrorMode with SEM_NOOPENFILEERRORBOX, which only suppresses the "file not found" dialog; on its own it is routine for headless tools and a weak indicator. More telling is that the same setting is recorded below for services.exe, svchost.exe and WerFault.exe, which may be the injected code making the same call in each host — the report does not show the calling thread, so confirm from the trace before attributing it. |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\mine327.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\services.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\services.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\services.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\services.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\services.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\WerFault.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\System32\svchost.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
|
Source: C:\Windows\System32\dialer.exe TID: 1036 |
Thread sleep count: 917 > 30 |
Analyst note: the sandbox flags any thread that sleeps more than 30 times or for more than 30000 time units in total; the negative figures below are relative delays (the NtDelayExecution convention), not errors. A long sleep loop inside dialer.exe, which has no work of its own to wait for, fits a polling or watchdog thread in injected code; the similar loops reported for services.exe, winlogon.exe, lsass.exe, lsm.exe, spoolsv.exe, dwm.exe and svchost.exe may be the same thread in each host, but thread start addresses are not shown here, so verify before attributing them all to the sample. |
Source: C:\Windows\System32\dialer.exe TID: 1036 |
Thread sleep time: -91700s >= -30000s |
Source: C:\Windows\System32\services.exe TID: 2912 |
Thread sleep count: 7129 > 30 |
Source: C:\Windows\System32\services.exe TID: 2912 |
Thread sleep time: -7129000s >= -30000s |
Source: C:\Windows\System32\services.exe TID: 2912 |
Thread sleep count: 1873 > 30 |
Source: C:\Windows\System32\services.exe TID: 2912 |
Thread sleep time: -1873000s >= -30000s |
Source: C:\Windows\System32\winlogon.exe TID: 1292 |
Thread sleep count: 7690 > 30 |
Source: C:\Windows\System32\winlogon.exe TID: 1292 |
Thread sleep time: -7690000s >= -30000s |
Source: C:\Windows\System32\winlogon.exe TID: 1292 |
Thread sleep count: 901 > 30 |
Source: C:\Windows\System32\winlogon.exe TID: 1292 |
Thread sleep time: -901000s >= -30000s |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe TID: 2008 |
Thread sleep time: -60000s >= -30000s |
Source: C:\Windows\System32\lsass.exe TID: 1416 |
Thread sleep count: 5563 > 30 |
Source: C:\Windows\System32\lsass.exe TID: 1416 |
Thread sleep time: -5563000s >= -30000s |
Source: C:\Windows\System32\lsass.exe TID: 1416 |
Thread sleep count: 3625 > 30 |
Source: C:\Windows\System32\lsass.exe TID: 1416 |
Thread sleep time: -3625000s >= -30000s |
Source: C:\Windows\System32\lsm.exe TID: 1200 |
Thread sleep count: 5071 > 30 |
Source: C:\Windows\System32\lsm.exe TID: 1200 |
Thread sleep time: -5071000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 2572 |
Thread sleep count: 6772 > 30 |
Source: C:\Windows\System32\svchost.exe TID: 2572 |
Thread sleep time: -6772000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 2436 |
Thread sleep count: 6568 > 30 |
Source: C:\Windows\System32\svchost.exe TID: 2436 |
Thread sleep time: -6568000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 2228 |
Thread sleep count: 3236 > 30 |
Source: C:\Windows\System32\svchost.exe TID: 2228 |
Thread sleep time: -3236000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 1736 |
Thread sleep time: -60000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 2924 |
Thread sleep count: 2293 > 30 |
Source: C:\Windows\System32\svchost.exe TID: 2924 |
Thread sleep time: -2293000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 2872 |
Thread sleep count: 5696 > 30 |
Source: C:\Windows\System32\svchost.exe TID: 2872 |
Thread sleep time: -5696000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 2172 |
Thread sleep count: 3706 > 30 |
Source: C:\Windows\System32\svchost.exe TID: 2172 |
Thread sleep time: -3706000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 264 |
Thread sleep time: -120000s >= -30000s |
Source: C:\Windows\System32\svchost.exe TID: 2260 |
Thread sleep count: 2268 > 30 |
|
Source: C:\Windows\System32\svchost.exe TID: 2260 |
Thread sleep time: -2268000s >= -30000s |
|
Source: C:\Windows\System32\svchost.exe TID: 2728 |
Thread sleep count: 5480 > 30 |
|
Source: C:\Windows\System32\svchost.exe TID: 2728 |
Thread sleep time: -5480000s >= -30000s |
|
Source: C:\Windows\System32\spoolsv.exe TID: 2192 |
Thread sleep count: 4975 > 30 |
|
Source: C:\Windows\System32\spoolsv.exe TID: 2192 |
Thread sleep time: -4975000s >= -30000s |
|
Source: C:\Windows\System32\svchost.exe TID: 3076 |
Thread sleep count: 2279 > 30 |
|
Source: C:\Windows\System32\svchost.exe TID: 3076 |
Thread sleep time: -2279000s >= -30000s |
|
Source: C:\Windows\System32\dwm.exe TID: 3084 |
Thread sleep count: 5066 > 30 |
|
Source: C:\Windows\System32\dwm.exe TID: 3084 |
Thread sleep time: -5066000s >= -30000s |
|
Source: C:\Windows\explorer.exe TID: 3100 |
Thread sleep count: 9733 > 30 |
|
Source: C:\Windows\explorer.exe TID: 3100 |
Thread sleep time: -9733000s >= -30000s |
|
Source: C:\Windows\explorer.exe TID: 1340 |
Thread sleep time: -420000s >= -30000s |
|
Source: C:\Windows\System32\UI0Detect.exe TID: 3116 |
Thread sleep count: 2826 > 30 |
|
Source: C:\Windows\System32\UI0Detect.exe TID: 3116 |
Thread sleep time: -2826000s >= -30000s |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 1876 |
Thread sleep time: -60000s >= -30000s |
|
Source: C:\Windows\System32\svchost.exe TID: 3152 |
Thread sleep count: 2262 > 30 |
|
Source: C:\Windows\System32\svchost.exe TID: 3152 |
Thread sleep time: -2262000s >= -30000s |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 3160 |
Thread sleep count: 1931 > 30 |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 3160 |
Thread sleep time: -1931000s >= -30000s |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 2808 |
Thread sleep time: -180000s >= -30000s |
|
Source: C:\Windows\System32\wbem\WmiPrvSE.exe TID: 2208 |
Thread sleep time: -120000s >= -30000s |
|
Source: C:\Windows\System32\dialer.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\dialer.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\services.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\services.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\lsass.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\lsass.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\svchost.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Last function: Thread delayed |
Source: C:\Windows\System32\wbem\WmiPrvSE.exe |
Last function: Thread delayed |
Source: WmiPrvSE.exe, 00000022.00000003.441341124.00000000003FF000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: VMware Virtual Platform |
Source: WmiPrvSE.exe, 00000022.00000003.441341124.00000000003FF000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: VMware-42 35 04 92 67 3a 19 1e-bc 53 01 84 57 2e e5 5c |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMware |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}u |
Source: svchost.exe, 00000014.00000000.343474746.0000000000673000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: ;;SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000 |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}r |
Source: spoolsv.exe, 0000001C.00000000.348519570.00000000027AE000.00000004.00000010.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000P |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&22be343f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}u |
Source: services.exe, 00000006.00000002.607282545.0000000000FAB000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f5630d-b6bf-11d0-94f2-00a0c91efb8b\\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____IDE\NECVMWar_VMware_SATA_CD01_______________1.00____IDE\CdRo |
Source: svchost.exe, 00000014.00000002.606686716.0000000000F67000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}LMEM |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}} |
Source: svchost.exe, 00000014.00000002.606686716.0000000000F67000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000000 |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: svchost.exe, 00000014.00000002.602992913.00000000001E3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0 |
Source: svchost.exe, 00000019.00000002.610594695.0000000004884000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910} |
Source: svchost.exe, 00000019.00000003.533428455.000000000378A000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: stringComputer System ProductComputer System Product9BUL1B92043542-3A67-1E19-BC53-0184572EE55CVMware, Inc.None |
Source: spoolsv.exe, 0000001C.00000000.348519570.00000000027AE000.00000004.00000010.00020000.00000000.sdmp |
Binary or memory string: \DISK&VEN_VMWARE&PRO |
Source: WmiPrvSE.exe, 00000022.00000003.441341124.00000000003FF000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: VMware, Inc.VMware Virtual PlatformNoneVMware-42 35 04 92 67 3a 19 1e-bc 53 01 84 57 2e e5 5c |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56308-b6bf-11d0-94f2-00a0c91efb8b\\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____IDE\NECVMWar_VMware_SATA_CD01_______________1.00____IDE\CdRomNECVMWar_VMware_SATA_CD01_______________NECVMWar_VMware_SATA_CD01_______________1.00____GenCdRomGenCdRomb8 |
Source: svchost.exe, 00000019.00000002.609571037.0000000003658000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: WMIBinaryMofResourceSCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910} |
Source: services.exe, 00000006.00000002.608272793.000000000179C000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: ______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____IDE\NECVMWar_VMware_SATA_CD01_______________1.00____IDE\CdRomNECVMWar_VMware_SATA_CD01_______________NECVMWar_VMware_SATA_CD01_______________1.00____GenCdRomGenCdRom2accfe60-c130-11d2-b082-00a0c91efb8b\\?\PCIIDE#IDEChannel#5&35c44269&0&4#{2accfe60-c130-11d2-b082-00a0c91efb8b}15ad-07e0Internal_IDE_Channel*PNP06008 |
Source: svchost.exe, 00000016.00000002.605131595.0000000002100000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: $value = $pr.Value.replace("VBOX", $value).replace("VBox", $value).replace("VMWARE", $value).replace("VMware Virtual disk", $value).replace("VMware", $value).replace("HARDDISK", "WDC").replace("VIRTUAL_DISK", $value) |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56307-b6bf-11d0-94f2-00a0c91efb8b\\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&22be343f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SCSI\DiskVMware__Virtual_disk____1.0_SCSI\DiskVMware__Virtual_disk____SCSI\DiskVMware__SCSI\VMware__Virtual_disk____1VMware__Virtual_disk____1GenDiskSCSI\DiskSCSI\RAW3 |
Source: svchost.exe, 00000019.00000002.603306949.00000000002EF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: zSCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000000_0r |
Source: WmiPrvSE.exe, 00000022.00000003.441760961.00000000003AB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0y |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56308-b6bf-11d0-94f2-00a0c91efb8b\\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____IDE\NECVMWar_VMware_SATA_CD01_______________1.00____IDE\CdRomNECVMWar_VMware_SATA_CD01_______________NECVMWar_VMware_SATA_CD01_______________1.00____GenCdRomGenCdRoml8 |
Source: svchost.exe, 00000019.00000000.347320164.0000000003E48000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: Win32_ComputerSystemuser-PCWin32_ComputerSystemuser-PCOKuser-PC\userx64-based PCNormal bootVMware, Inc.VMware Virtual Platform |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: vmware |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys |
Source: explorer.exe, 0000001F.00000002.606706574.0000000003E59000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0 |
Source: svchost.exe, 00000014.00000002.602992913.00000000001E3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&2848384c&0&1.0.0 |
Source: svchost.exe, 00000019.00000000.347411701.000000000482C000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: VMware Virtual disk SCSI Disk Device |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: svchost.exe, 00000016.00000002.605131595.0000000002100000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: if(($pr.Name -eq "DeviceId" -or $pr.Name -eq "Caption" -or $pr.Name -eq "Name" -or $pr.Name -eq "PNPDeviceID" -or $pr.Name -eq "Service" -or $pr.Name -eq "Description") -and ($pr.Value -match 'VEN_80EE' -or $pr.Value -match 'VEN_15AD' -or $pr.Value -match 'VBOX' -or $pr.Value -match 'VBox' -or $pr.Value -match 'VMWARE' -or $pr.Value -match 'VMWare' -or $pr.Value -match '82801FB' -or $pr.Value -match '82441FX' -or $pr.Value -match '82371SB' -or $pr.Value -match 'OpenHCD')) |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys |
Source: svchost.exe, 00000019.00000002.603306949.00000000002EF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMware |
Source: svchost.exe, 00000014.00000000.343599035.000000000177E000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: \ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&b0pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&b8acpi\pnp0a05\5aroot\ms_pppoeminiport\0000root\legacy_discache\0000pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&c0acpi\pnp0a05\23usb\vid_0e0f&pid_0003&mi_01\7&2a7d3009&0&0001pciide\idechannel\4&c5d1198&0&0acpi\pnp0a05\4&205ad762&0acpi\pnp0a05\5broot\legacy_ndproxy\0000acpi\pnp0a05\24pciide\idechannel\5&35c44269&0&5root\legacy_storflt\0000pciide\idechannel\5&35c44269&0&19root\ms_pptpminiport\0000ide\cdromnecvmwar_vmware_sata_cd01_______________1.00____\6&373888b8&0&1.0.0acpi\pnp0a05\5cacpi\pnp0a05\25acpi\pnp0a05\40pciide\idechannel\4&c5d1198&0&1acpi\pnp0a05\5droot\legacy_tcpip\0000acpi\pnp0a05\26pciide\idechannel\5&35c44269&0&6root\ms_sstpminiport\0000pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&a9acpi\pnp0a05\41pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&b1pciide\idechannel\5&35c44269&0&2pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&b9pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01 |
Source: WmiPrvSE.exe, 00000022.00000003.441341124.00000000003FF000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: VMware SVGA IIES1371 |
Source: explorer.exe, 0000001F.00000002.604991513.00000000025E0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0a |
Source: svchost.exe, 00000016.00000002.605131595.0000000002100000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: if(($pr.Name -eq "Caption" -or $pr.Name -eq "Name" -or $pr.Name -eq "PNPDeviceID" -or $pr.Name -eq "AdapterCompatibility" -or $pr.Name -eq "Description" -or $pr.Name -eq "InfSection" -or $pr.Name -eq "VideoProcessor") -and ($pr.Value -match 'VBOX' -or $pr.Value -match 'VBox' -or $pr.Value -match 'VMWARE' -or $pr.Value -match 'VirtualBox' -or $pr.Value -match 'VMware' -or $pr.Value -match 'Oracle Corporation' -or $pr.Value -match 'Microsoft Basic Display Adapter')) |
Source: svchost.exe, 00000014.00000002.602992913.0000000000210000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 1SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000 |
Source: explorer.exe, 0000001F.00000000.349660283.00000000001D6000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}7 |
Source: svchost.exe, 00000019.00000002.609571037.00000000035A1000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: WDMClassesOfDriverMSStorageDriver_SenseDataSCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910} |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56308-b6bf-11d0-94f2-00a0c91efb8b\\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____IDE\NECVMWar_VMware_SATA_CD01_______________1.00____IDE\CdRomNECVMWar_VMware_SATA_CD01_______________NECVMWar_VMware_SATA_CD01_____ |
Source: lsm.exe, 00000013.00000002.603598092.000000000038E000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: 1IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0 |
Source: svchost.exe, 00000019.00000002.609805884.0000000003731000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: WMIBinaryMofResourceSCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910}ceName]me]$ |
Source: WmiPrvSE.exe, 00000022.00000003.441341124.00000000003FF000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: VMware, Inc. |
Source: svchost.exe, 0000001D.00000002.605471171.00000000020A3000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: DE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____\6&373888b8&0&1.0.0 |
Source: svchost.exe, 00000019.00000002.603306949.00000000002EF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#5&22b |
Source: svchost.exe, 00000019.00000000.347207490.00000000036C0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: naryMofResourceSCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&22be343f&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910} |
Source: services.exe, 00000006.00000002.607282545.0000000000FAB000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f5630d-b6bf-11d0-94f2-00a0c91efb8b\\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____IDE\NECVMWar_VMware_SATA_CD01_______________1.00____IDE\CdRomNECVMWar_VMware_SATA_CD01_______________NECVMWar_VMware_SATA_CD01_______________1.00____GenCdRomGenCdRom |
Source: svchost.exe, 00000017.00000002.607596633.0000000001E2B000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: _vmware&prod_virtual_disk#5 |
Source: svchost.exe, 00000014.00000000.343599035.000000000177E000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: _volsnap\0000root\legacy_ksecpkg\0000pciide\idechannel\5&35c44269&0&10acpi\pnp0a05\2froot\*teredo\0000display\default_monitor\4&10c2e2d6&0&12345678&00&0facpi\pnp0a05\4aroot\legacy_peauth\0000scsi\disk&ven_vmware&prod_virtual_disk\5&22be343f&0&000000acpi\genuineintel_-_intel64_family_6_model_85_-_intel(r)_core(tm)2_cpu_6600_@_2.40_ghz\_0acpi\pnp0a05\30acpi\pnp0a05\4broot\legacy_wanarpv6\0000root\legacy_lltdio\0000root\acpi_hal\0000pciide\idechannel\5&35c44269&0&24pci\ven_15ad&dev_0740&subsys_074015ad&rev_10\3&2b8e0b4b&0&3fpciide\idechannel\5&35c44269&0&11root\legacy_psched\0000pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&acpci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&b4acpi\pnp0a05\31pci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&bcpci\ven_15ad&dev_07a0&subsys_07a015ad&rev_01\3&2b8e0b4b&0&c4acpi\pnp0a05\4cacpi\pnp0800\4&205ad762&0root\blbdrive\0000pci\ven_8086&dev_7110&subsys_197615ad&rev_08\3&2b8e0b4b&0&38root\legacy_wdf01000\0000acpi\pnp0a05\32hdaudio\func_01&ven_15ad&dev_1975&subsys_15ad1975&rev_1001\5&8a7c |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&22be343f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} |
Source: WmiPrvSE.exe, 00000022.00000003.441341124.00000000003FF000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: VMware SVGA II |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}w |
Source: explorer.exe, 0000001F.00000002.606706574.0000000003E59000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}100\4&20 |
Source: svchost.exe, 00000017.00000002.603298774.000000000037B000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: WmiPrvSE.exe, 00000022.00000003.441760961.00000000003AB000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000 |
Source: services.exe, 00000006.00000002.608321393.00000000017C0000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56307-b6bf-11d0-94f2-00a0c91efb8b\\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&22be343f&0&000000#{53f56307-b6bf-1 |
Source: svchost.exe, 00000019.00000002.603306949.00000000002EF000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: VMware Virtual disk 1.0 MM* |
Source: svchost.exe, 00000014.00000002.606686716.0000000000F67000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: svchost.exe, 00000014.00000002.606686716.0000000000F60000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&0000000 |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56307-b6bf-11d0-94f2-00a0c91efb8b\\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&22be343f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SCSI\DiskVMware__Virtual_disk____1.0_SCSI\DiskVMware__Virtual_disk____SCSI\DiskVMware__SCSI\VMware__Virtual_disk____1VMware__Virtual_disk____1GenDiskSCSI\DiskSCSI\RAWE_Channel*PNP0600 |
Source: svchost.exe, 00000019.00000000.347411701.0000000004720000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: stringComputer System ProductComputer System Product9BUL1B92043542-3A67-1E19-BC53-0184572EE55CVMware, Inc.Noney* |
Source: WmiPrvSE.exe, 00000024.00000003.509098082.000000000027C000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: select * from WMIBinaryMofResource where Name = "SCSI\\Disk&Ven_VMware&Prod_Virtual_disk\\5&22be343f&0&000000_0-{05901221-D566-11d1-B2F0-00A0C9062910}"00A0C9062910}" |
Source: mine327.exe, 00000000.00000002.377843630.00000000029FE000.00000004.00000800.00020000.00000000.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: svchost.exe, 00000014.00000002.606686716.0000000000F67000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____\6&373888b8&0&1.0.0 |
Source: svchost.exe, 00000016.00000002.605131595.0000000002100000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: $value = $pr.Value.replace("VBOX", $value).replace("VBox", $value).replace("VMWARE", $value).replace("VMware", $value).replace("VirtualBox", $value).replace("Oracle Corporation", $value).replace("Microsoft Basic Display Adapter", $value) |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56307-b6bf-11d0-94f2-00a0c91efb8b\\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&22be343f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SCSI\DiskVMware__Virtual_disk____1.0_SCSI\DiskVMware__Virtual_disk____SCSI\DiskVMware__SCSI\VMware__Virtual_disk____1VMware__Virtual_disk____1GenDiskSCSI\DiskSCSI\RAW |
Source: svchost.exe, 00000014.00000002.602992913.00000000001E3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: scsi\disk&ven_vmware&prod_virtual_disk\5&22be343f&0&000000 |
Source: svchost.exe, 00000016.00000002.605131595.0000000002100000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: $value = $pr.Value.replace("VEN_80EE", $value).replace("VEN_15AD", $value).replace("VBOX", $value).replace("VBox", $value).replace("VMWARE", $value).replace("82801FB", $value).replace("82441FX", $value).replace("82371SB", $value).replace("OpenHCD", $value).replace("VMWare", $value) |
Source: explorer.exe, 0000001F.00000002.606706574.0000000003E59000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}eeab7790 |
Source: svchost.exe, 00000014.00000002.602992913.00000000001E3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: scsi\disk&ven_vmware_&prod_vmware_virtual_s\5&22be343f&0&000000 |
Source: svchost.exe, 00000019.00000000.346906062.0000000001170000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}a |
Source: svchost.exe, 0000001D.00000002.605471171.00000000020A3000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: ZDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____\6&373888b8&0&1.0.0272fb |
Source: svchost.exe, 0000001D.00000002.603668650.000000000038D000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: Policyagent049f198-1016-11e7-b87b-806e6f6e6963}\??\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\DosDevices\D:\??\Volume{8a07945e-cd11-11ea-a1d0-806e6f6e6963}c |
Source: svchost.exe, 00000019.00000000.347411701.000000000482C000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: Win32_PnPEntityVMware Virtual disk SCSI Disk Device{4d36e967-e325-11ce-bfc1-08002be10318}System.String[]Win32_PnPEntityDisk driveSCSI\DISK&VEN__HV5B96L&PROD_VIRTUAL_DISK\5&22BE343F&0&000000System.String[](Standard disk drives)VMware Virtual disk SCSI Disk DeviceSCSI\DISK&VEN_DN177VWB&PROD_VIRTUAL_DISK\5&22BE343F&0&000000diskOKWin32_ComputerSystemuser-PCBCAAEBA95E435CA5300A680BE9BF735F04A93ECECD18F46C56865C6158D43B74 |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56308-b6bf-11d0-94f2-00a0c91efb8b\\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}IDE\CdRomNECVMWar_VMware_SATA_CD01_______________1.00____IDE\NECVMWar_VMware_SATA_CD01_______________1.00____IDE\CdRomNECVMWar_VMware_SATA_CD01_______________NECVMWar_VMware_SATA_CD01_______________1.00____GenCdRomGenCdRome8 |
Source: svchost.exe, 00000016.00000002.605131595.0000000002100000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: if(($pr.Name -eq "DeviceId" -or $pr.Name -eq "Caption" -or $pr.Name -eq "Model" -or $pr.Name -eq "PNPDeviceID") -and ($pr.Value -match 'VBOX' -or $pr.Value -match 'VBox' -or $pr.Value -match 'VMWARE' -or $pr.Value -match 'VMware')) |
Source: services.exe, 00000006.00000000.341821779.0000000001783000.00000004.00000001.00020000.00000000.sdmp |
Binary or memory string: 53f56307-b6bf-11d0-94f2-00a0c91efb8b\\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#5&22be343f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}SCSI\DiskVMware__Virtual_disk____1.0_SCSI\DiskVMware__Virtual_disk____SCSI\DiskVMware__SCSI\VMware__Virtual_disk____1VMware__Virtual_disk____1GenDiskSCSI\DiskSCSI\RAWeX |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_005780F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_005780F8 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_00577D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00577D90 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_00586218 SetUnhandledExceptionFilter, |
0_2_00586218 |
Source: C:\Users\user\Desktop\mine327.exe |
Code function: 0_2_0057D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_0057D2A4 |
Source: C:\Windows\explorer.exe |
Code function: 2_2_0000000140001160 Sleep,Sleep,_amsg_exit,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,memcpy,_cexit,exit, |
2_2_0000000140001160 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001F80F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess, |
6_2_001F80F8 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001F7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
6_2_001F7D90 |
Source: C:\Windows\System32\services.exe |
Code function: 6_2_001FD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
6_2_001FD2A4 |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_0248D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
10_2_0248D2A4 |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_024880F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,TerminateProcess, |
10_2_024880F8 |
Source: C:\Windows\System32\WerFault.exe |
Code function: 10_2_02487D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
10_2_02487D90 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_009880F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
12_2_009880F8 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_00987D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
12_2_00987D90 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_0098D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
12_2_0098D2A4 |
Source: C:\Windows\System32\winlogon.exe |
Code function: 12_2_00996218 SetUnhandledExceptionFilter, |
12_2_00996218 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_00167D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
13_2_00167D90 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_00176218 SetUnhandledExceptionFilter, |
13_2_00176218 |
Source: C:\Windows\System32\sc.exe |
Code function: 13_2_0016D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
13_2_0016D2A4 |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_00207D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
15_2_00207D90 |
Source: C:\Windows\System32\conhost.exe |
Code function: 15_2_0020D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
15_2_0020D2A4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002880F8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
16_2_002880F8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_00287D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
16_2_00287D90 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_00296218 SetUnhandledExceptionFilter, |
16_2_00296218 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_0028D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
16_2_0028D2A4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002F7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
16_2_002F7D90 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_00306218 SetUnhandledExceptionFilter, |
16_2_00306218 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_002FD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
16_2_002FD2A4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF64A6E8 SetUnhandledExceptionFilter, |
16_2_FF64A6E8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6212F0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
16_2_FF6212F0 |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_009C7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
17_2_009C7D90 |
Source: C:\Windows\System32\lsass.exe |
Code function: 17_2_009CD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
17_2_009CD2A4 |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_00267D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
19_2_00267D90 |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_00276218 SetUnhandledExceptionFilter, |
19_2_00276218 |
Source: C:\Windows\System32\lsm.exe |
Code function: 19_2_0026D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
19_2_0026D2A4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_006B7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
20_2_006B7D90 |
Source: C:\Windows\System32\svchost.exe |
Code function: 20_2_006BD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
20_2_006BD2A4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 22_2_014A7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
22_2_014A7D90 |
Source: C:\Windows\System32\svchost.exe |
Code function: 22_2_014AD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
22_2_014AD2A4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 23_2_00BC7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
23_2_00BC7D90 |
Source: C:\Windows\System32\svchost.exe |
Code function: 23_2_00BCD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
23_2_00BCD2A4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 24_2_00A77D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
24_2_00A77D90 |
Source: C:\Windows\System32\svchost.exe |
Code function: 24_2_00A7D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
24_2_00A7D2A4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 25_2_00C67D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
25_2_00C67D90 |
Source: C:\Windows\System32\svchost.exe |
Code function: 25_2_00C6D2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
25_2_00C6D2A4 |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_002C7D90 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
26_2_002C7D90 |
Source: C:\Windows\System32\svchost.exe |
Code function: 26_2_002CD2A4 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
26_2_002CD2A4 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory allocated: C:\Windows\explorer.exe base: 140000000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\services.exe base: 1C0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\winlogon.exe base: 950000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\lsass.exe base: F0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: E0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\lsm.exe base: 1B0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 680000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 13F0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 970000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 180000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: B90000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 110000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: FD0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\spoolsv.exe base: 1E50000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 120000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\dwm.exe base: 340000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\explorer.exe base: 2800000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\taskeng.exe base: 970000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\UI0Detect.exe base: 1B80000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 330000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1B0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1C0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 540000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: 2C0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\svchost.exe base: 120000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\WerFault.exe base: 1D80000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\sc.exe base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Windows\System32\conhost.exe base: 1D0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: C60000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1140000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1ACC0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1B4A0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1BE40000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1BEA0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1BF00000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1BF60000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1BFC0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1C020000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory allocated: C:\Users\user\Desktop\mine327.exe base: 1C080000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\services.exe base: 1C0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\services.exe base: 1C0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\winlogon.exe base: 950000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\winlogon.exe base: 950000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\lsass.exe base: F0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\lsass.exe base: F0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: E0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: E0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\lsm.exe base: 1B0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\lsm.exe base: 1B0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 680000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 680000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 13F0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 13F0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 970000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 970000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 180000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 180000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: B90000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: B90000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 110000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 110000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: FD0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: FD0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\spoolsv.exe base: 1E50000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\spoolsv.exe base: 1E50000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 120000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 120000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\dwm.exe base: 340000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\dwm.exe base: 340000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\explorer.exe base: 2800000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\explorer.exe base: 2800000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\taskeng.exe base: 970000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\taskeng.exe base: 970000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\UI0Detect.exe base: 1B80000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\UI0Detect.exe base: 1B80000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 330000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 330000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1B0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1B0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1C0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1C0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Users\user\Desktop\mine327.exe base: 540000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Users\user\Desktop\mine327.exe base: 540000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 120000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\svchost.exe base: 120000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\WerFault.exe base: 1D80000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\WerFault.exe base: 1D80000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\sc.exe base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\sc.exe base: 130000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\conhost.exe base: 1D0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Memory protected: C:\Windows\System32\conhost.exe base: 1D0000 protect: page execute and read and write |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\services.exe EIP: 1C273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\winlogon.exe EIP: 95273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\conhost.exe EIP: E273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\lsass.exe EIP: F273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\lsm.exe EIP: 1B273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 68273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 13273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 13F273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 97273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 18273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: B9273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 11273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: FD273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\spoolsv.exe EIP: 1E5273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 12273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\dwm.exe EIP: 34273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\explorer.exe EIP: 280273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\taskeng.exe EIP: 97273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\UI0Detect.exe EIP: 1B8273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\wbem\WmiPrvSE.exe EIP: 1A273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 33273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\wbem\WmiPrvSE.exe EIP: 1B273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\wbem\WmiPrvSE.exe EIP: 1C273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: unknown EIP: 13273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: unknown EIP: 54273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\conhost.exe EIP: 2C273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\svchost.exe EIP: 12273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\WerFault.exe EIP: 1D8273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\sc.exe EIP: 13273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: C:\Windows\System32\conhost.exe EIP: 1D273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: unknown EIP: C6273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: unknown EIP: 1ACC273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: unknown EIP: 1BF6273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: unknown EIP: 1BFC273C |
Source: C:\Windows\System32\dialer.exe |
Thread created: unknown EIP: 1C02273C |
Source: C:\Windows\System32\dialer.exe |
NtQueryInformationProcess: Direct from: 0x1400018E6 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
NtResumeThread: Indirect: 0x28231E |
Source: C:\Windows\System32\dialer.exe |
NtQueryInformationProcess: Direct from: 0x140001176 |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x98171F |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x981795 |
Source: C:\Windows\System32\winlogon.exe |
NtProtectVirtualMemory: Direct from: 0x984E3C |
Source: C:\Windows\System32\dialer.exe |
NtCreateThreadEx: Direct from: 0x14000145B |
Source: C:\Windows\System32\services.exe |
NtNotifyChangeKey: Direct from: 0x1F3862 |
Source: C:\Windows\System32\dialer.exe |
NtMapViewOfSection: Direct from: 0x14000202B |
Source: C:\Windows\System32\lsass.exe |
NtSetTimer: Direct from: 0x772FA561 |
Source: C:\Windows\System32\services.exe |
NtQueryInformationProcess: Direct from: 0x1F196E |
Source: C:\Windows\System32\dialer.exe |
NtQuerySystemInformation: Direct from: 0x14000155D |
Source: C:\Windows\System32\services.exe |
NtQueryVolumeInformationFile: Direct from: 0x1F241C |
Source: C:\Windows\System32\dialer.exe |
NtRequestWaitReplyPort: Direct from: 0x1400024AA |
Source: C:\Windows\System32\winlogon.exe |
NtMapViewOfSection: Direct from: 0x989E4F |
Source: C:\Windows\System32\services.exe |
NtSetInformationProcess: Direct from: 0x1F1A66 |
Source: C:\Windows\System32\services.exe |
NtReadFile: Direct from: 0x1F2309 |
Source: C:\Windows\System32\sc.exe |
NtEnumerateValueKey: Indirect: 0x16293D |
Source: C:\Windows\System32\lsass.exe |
NtClose: Direct from: 0x9C173A |
|
Source: C:\Windows\System32\lsass.exe |
NtMapViewOfSection: Direct from: 0xF2861 |
Source: C:\Windows\System32\dialer.exe |
NtProtectVirtualMemory: Direct from: 0x1400020B4 |
Source: C:\Windows\System32\winlogon.exe |
NtDelayExecution: Direct from: 0x981ADD |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
NtEnumerateValueKey: Indirect: 0x28293D |
Source: C:\Windows\System32\winlogon.exe |
NtOpenSection: Direct from: 0x98F43A |
Source: C:\Windows\System32\WerFault.exe |
NtQuerySystemInformation: Indirect: 0x248205D |
Source: C:\Windows\System32\services.exe |
NtClose: Direct from: 0x1F173A |
Source: C:\Windows\System32\dialer.exe |
NtClose: Direct from: 0x140002321 |
Source: C:\Windows\System32\dialer.exe |
NtCreateKey: Direct from: 0x140002444 |
Source: C:\Windows\System32\winlogon.exe |
NtEnumerateValueKey: Direct from: 0x98290E |
Source: C:\Windows\System32\dialer.exe |
NtFsControlFile: Direct from: 0x140002208 |
Source: C:\Windows\System32\winlogon.exe |
NtProtectVirtualMemory: Direct from: 0x983830 |
Source: C:\Windows\System32\services.exe |
NtQueryDirectoryFile: Direct from: 0x1F23AE |
Source: C:\Windows\System32\dialer.exe |
NtCreateKey: Direct from: 0x1400023C4 |
Source: C:\Windows\System32\dialer.exe |
NtReadVirtualMemory: Direct from: 0x1400015B0 |
Source: C:\Windows\System32\dialer.exe |
NtProtectVirtualMemory: Direct from: 0x1400020E4 |
Source: C:\Windows\System32\dialer.exe |
NtReadVirtualMemory: Direct from: 0x140001FAE |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x9816E5 |
Source: C:\Windows\System32\dialer.exe |
NtQueryInformationProcess: Direct from: 0x14000121C |
Source: C:\Windows\System32\services.exe |
NtResumeThread: Direct from: 0x1F231E |
Source: C:\Windows\System32\dialer.exe |
NtAdjustPrivilegesToken: Direct from: 0x14000230E |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x98180B |
Source: C:\Windows\System32\winlogon.exe |
NtClose: Direct from: 0x9818A6 |
Source: C:\Windows\System32\winlogon.exe |
NtRequestWaitReplyPort: Direct from: 0x983311 |
Source: C:\Windows\System32\winlogon.exe |
NtProtectVirtualMemory: Direct from: 0x985E6C |
Source: C:\Windows\System32\dialer.exe |
NtClose: Direct from: 0x140001901 |
Source: C:\Windows\System32\dialer.exe |
NtClose: Direct from: 0x140001623 |
Source: C:\Windows\System32\sc.exe |
NtResumeThread: Indirect: 0x16231E |
Source: C:\Windows\System32\dialer.exe |
NtFsControlFile: Direct from: 0x140002C97 |
Source: C:\Windows\System32\dialer.exe |
NtAllocateVirtualMemory: Direct from: 0x14000192A |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x98175A |
Source: C:\Windows\System32\dialer.exe |
NtCreateFile: Direct from: 0x140001FDE |
Source: C:\Windows\System32\dialer.exe |
NtCreateNamedPipeFile: Direct from: 0x140001C6D |
Source: C:\Windows\System32\WerFault.exe |
NtResumeThread: Indirect: 0x248231E |
Source: C:\Windows\System32\dialer.exe |
NtQuerySystemInformation: Direct from: 0x140002B9F |
Source: C:\Windows\System32\sc.exe |
NtDeviceIoControlFile: Indirect: 0x162B9D |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x981881 |
Source: C:\Windows\System32\dialer.exe |
NtAllocateVirtualMemory: Direct from: 0x140001657 |
Source: C:\Windows\System32\dialer.exe |
NtAllocateVirtualMemory: Direct from: 0x140001414 |
Source: C:\Windows\System32\dialer.exe |
NtClose: Direct from: 0x1400014B1 |
Source: C:\Windows\System32\lsass.exe |
NtQuerySystemInformation: Direct from: 0x9C205D |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
NtEnumerateValueKey: Indirect: 0x28290E |
Source: C:\Windows\System32\lsass.exe |
NtResumeThread: Direct from: 0x9C3311 |
Source: C:\Windows\System32\dialer.exe |
NtRequestWaitReplyPort: Direct from: 0x1400024EE |
Source: C:\Windows\System32\dialer.exe |
NtAllocateVirtualMemory: Direct from: 0x140002335 |
Source: C:\Windows\System32\dialer.exe |
NtAllocateVirtualMemory: Direct from: 0x772FA36E |
Source: C:\Windows\System32\services.exe |
NtRequestWaitReplyPort: Direct from: 0x1F3311 |
Source: C:\Windows\System32\WerFault.exe |
NtQueryDirectoryFile: Indirect: 0x24823AE |
Source: C:\Windows\System32\dialer.exe |
NtFsControlFile: Direct from: 0x140002C30 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
NtDeviceIoControlFile: Indirect: 0x282B9D |
Source: C:\Windows\System32\winlogon.exe |
NtProtectVirtualMemory: Direct from: 0x9837F4 |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x9817D0 |
Source: C:\Windows\System32\dialer.exe |
NtRequestWaitReplyPort: Direct from: 0x140002081 |
Source: C:\Windows\System32\winlogon.exe |
NtClose: Direct from: 0x98173A |
Source: C:\Windows\System32\winlogon.exe |
NtProtectVirtualMemory: Direct from: 0x98565F |
Source: C:\Windows\System32\dialer.exe |
NtReadVirtualMemory: Direct from: 0x1400015E7 |
Source: C:\Windows\System32\services.exe |
NtOpenSection: Direct from: 0x1FF43A |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x9816B8 |
Source: C:\Windows\System32\services.exe |
NtCreateFile: Direct from: 0x1F22C2 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
NtQuerySystemInformation: Indirect: 0x28205D |
Source: C:\Windows\System32\winlogon.exe |
NtAllocateVirtualMemory: Direct from: 0x983AA5 |
Source: C:\Windows\System32\dialer.exe |
NtProtectVirtualMemory: Direct from: 0x140001437 |
Source: C:\Windows\System32\lsass.exe |
NtDelayExecution: Direct from: 0x9C1ADD |
Source: C:\Windows\System32\lsass.exe |
NtOpenSection: Direct from: 0x9CF43A |
Source: C:\Windows\System32\dialer.exe |
NtSetSecurityObject: Direct from: 0x140002404 |
Source: C:\Windows\System32\services.exe |
NtMapViewOfSection: Direct from: 0x1C2861 |
Source: C:\Windows\System32\winlogon.exe |
NtProtectVirtualMemory: Direct from: 0x952861 |
Source: C:\Windows\System32\dialer.exe |
NtRequestWaitReplyPort: Direct from: 0x14000250F |
Source: C:\Windows\System32\services.exe |
NtMapViewOfSection: Direct from: 0x1F9E4F |
Source: C:\Windows\System32\winlogon.exe |
NtEnumerateValueKey: Direct from: 0x98293D |
Source: C:\Windows\System32\winlogon.exe |
NtAllocateVirtualMemory: Direct from: 0x9527DD |
Source: C:\Windows\System32\lsass.exe |
NtMapViewOfSection: Direct from: 0x9C9E4F |
Source: C:\Windows\System32\services.exe |
NtDelayExecution: Direct from: 0x1F1ADD |
Source: C:\Windows\System32\dialer.exe |
NtSetValueKey: Direct from: 0x140002475 |
Source: C:\Windows\System32\dialer.exe |
NtProtectVirtualMemory: Direct from: 0x140001BF1 |
Source: C:\Windows\System32\dialer.exe |
NtDeviceIoControlFile: Direct from: 0x1400023EB |
Source: C:\Windows\System32\sc.exe |
NtEnumerateValueKey: Indirect: 0x16290E |
Source: C:\Windows\System32\dialer.exe |
NtDelayExecution: Direct from: 0x140002517 |
Source: C:\Windows\System32\dialer.exe |
NtClose: Direct from: 0x14000247F |
Source: C:\Windows\System32\winlogon.exe |
NtOpenKeyEx: Direct from: 0x981846 |
Source: C:\Windows\System32\dialer.exe |
NtReadFile: Direct from: 0x140002C53 |
Source: C:\Windows\System32\dialer.exe |
NtQuerySystemInformation: Direct from: 0x1400022D6 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 140000000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\services.exe base: 1C0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\winlogon.exe base: 950000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\lsass.exe base: F0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: E0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\lsm.exe base: 1B0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 680000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 130000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 13F0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 970000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 180000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: B90000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 110000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: FD0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\spoolsv.exe base: 1E50000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 120000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\dwm.exe base: 340000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\explorer.exe base: 2800000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\taskeng.exe base: 970000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\UI0Detect.exe base: 1B80000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 330000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1B0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1C0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE base: 130000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 540000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: 2C0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 120000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1D80000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\sc.exe base: 130000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\conhost.exe base: 1D0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: C60000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1140000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1ACC0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1B4A0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BE40000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BEA0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BF00000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BF60000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BFC0000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1C020000 value starts with: 4D5A |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1C080000 value starts with: 4D5A |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 140000000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 140001000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 140008000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 14000A000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 1402BD000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 1402BE000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 1402BF000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 1402C0000 |
Source: C:\Users\user\Desktop\mine327.exe |
Memory written: C:\Windows\explorer.exe base: 7FFFFFDB010 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\services.exe base: 1C0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\winlogon.exe base: 950000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\lsass.exe base: F0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: E0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\lsm.exe base: 1B0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 680000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 130000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 13F0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 970000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 180000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: B90000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 110000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: FD0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\spoolsv.exe base: 1E50000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 120000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\dwm.exe base: 340000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\explorer.exe base: 2800000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\taskeng.exe base: 970000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\UI0Detect.exe base: 1B80000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1A0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 330000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1B0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\wbem\WmiPrvSE.exe base: 1C0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE base: 130000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 540000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe base: 2C0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\svchost.exe base: 120000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1D80000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\sc.exe base: 130000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Windows\System32\conhost.exe base: 1D0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: C60000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1140000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1ACC0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1B4A0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BE40000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BEA0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BF00000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BF60000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1BFC0000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1C020000 |
Source: C:\Windows\System32\dialer.exe |
Memory written: C:\Users\user\Desktop\mine327.exe base: 1C080000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\Windows\System32\lsass.exe |
Memory written: C:\Windows\System32\WerFault.exe base: 1BB0000 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF634EF4 SHBindToParent, |
16_2_FF634EF4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6B9EF0 memset,RpcStringBindingComposeW,RpcBindingFromStringBindingW,RpcStringFreeW,LocalAlloc,CreateWellKnownSid,GetLastError,RpcBindingSetAuthInfoExW,LocalFree,RpcBindingFree, |
16_2_FF6B9EF0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF642ED0 SHBindToParent, |
16_2_FF642ED0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A8D58 SHBindToParent,#460,SHStrDupW, |
16_2_FF6A8D58 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63FDA0 SHBindToParent, |
16_2_FF63FDA0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF69AD98 SetForegroundWindow,SHBindToObject,#279,SHGetPathFromIDListW,#388, |
16_2_FF69AD98 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6B6CD8 #21,SHBindToObject,#155,SHBindToObject,SHGetIDListFromObject,#484,#155,#155,#155, |
16_2_FF6B6CD8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6B9B64 RpcBindingFree,CloseHandle,CloseHandle,NdrClientCall3,LocalFree, |
16_2_FF6B9B64 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6B6B20 #21,SHBindToObject,#155,SHBindToObject,SHGetIDListFromObject,#155,#155,#155, |
16_2_FF6B6B20 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6AFBDC SHBindToParent, |
16_2_FF6AFBDC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF665A40 SHBindToParent,#571,DestroyWindow, |
16_2_FF665A40 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62F9CC SHBindToFolderIDListParent, |
16_2_FF62F9CC |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF62A8E8 SHBindToFolderIDListParent,#787,SHStrDupW,PathParseIconLocationW,Shell_GetCachedImageIndexW,CoTaskMemFree,memset,PathIsNetworkPathW,AssocQueryKeyW,Shell_GetCachedImageIndexW,SHGetValueW,RegCloseKey,PathParseIconLocationW,Shell_GetCachedImageIndexW, |
16_2_FF62A8E8 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF65F750 SetForegroundWindow,#89,SHBindToParent,CreatePopupMenu,LoadStringW,AppendMenuW,LoadStringW,AppendMenuW,TrackPopupMenu,DestroyMenu,#155,#100,SHGetFolderPathW,AppendMenuW,LoadStringW,AppendMenuW,#158,memset,SHGetPathFromIDListA,SHGetPathFromIDListW,SHGetKnownFolderIDList, |
16_2_FF65F750 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF634720 SHBindToParent,DestroyIcon,SHParseDisplayName,SHBindToParent,DestroyIcon,#155, |
16_2_FF634720 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF63F798 #89,SHBindToObject,CoTaskMemFree,#155, |
16_2_FF63F798 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6506F4 SHBindToParent, |
16_2_FF6506F4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF66941C GetClientRect,SHGetKnownFolderIDList,SHBindToParent,SendMessageCallbackW,#155,CoTaskMemFree,DestroyIcon, |
16_2_FF66941C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF67437C SHGetIDListFromObject,#16,#17,#155,SHBindToParent,#199, |
16_2_FF67437C |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF635320 SHGetKnownFolderIDList,SHBindToParent,CoCreateInstance,#487,StrCmpW,CoTaskMemFree,PathParseIconLocationW,#460,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,SendMessageCallbackW,#155,CoTaskMemFree,DestroyIcon, |
16_2_FF635320 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6BC3E0 #278,CoCreateInstance,SendMessageW,SHBindToParent,SendMessageW,#571,SendMessageW,DestroyWindow, |
16_2_FF6BC3E0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6D73F4 SHBindToObject,#155, |
16_2_FF6D73F4 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF672398 memset,StringFromGUID2,#155,SHBindToObject, |
16_2_FF672398 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6D7270 #25,#155,SHBindToObject,#18, |
16_2_FF6D7270 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6A9110 SHGetKnownFolderIDList,SHBindToObject,#25,#155,#155,SHGetKnownFolderIDList,#155, |
16_2_FF6A9110 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF6741F0 #155,#155,SHBindToObject, |
16_2_FF6741F0 |
Source: C:\ProgramData\jjfvbumjfczj\oapavmkbdsqp.exe |
Code function: 16_2_FF674000 SHGetIDListFromObject,SHBindToObject,CoTaskMemFree,CoTaskMemFree,SHCreateItemFromIDList,CoTaskMemFree, |
16_2_FF674000 |