Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: responsibilitybridge.com |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: /8BvxwQdec3/index.php |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: S-%lu- |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: 33a59d2d44 |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Dctooux.exe |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Startup |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: cmd /C RMDIR /s/q |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: rundll32 |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Programs |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: %USERPROFILE% |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: cred.dll|clip.dll| |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: http:// |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: https:// |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: /Plugins/ |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: &unit= |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: shell32.dll |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: kernel32.dll |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: GetNativeSystemInfo |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: ProgramData\ |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: AVAST Software |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Kaspersky Lab |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Panda Security |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Doctor Web |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: 360TotalSecurity |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Bitdefender |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Norton |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Sophos |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Comodo |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: WinDefender |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: 0123456789 |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: ------ |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: ?scr=1 |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Content-Type: application/x-www-form-urlencoded |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: ComputerName |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_ |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: -unicode- |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: VideoID |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: DefaultSettings.XResolution |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: DefaultSettings.YResolution |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: ProductName |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: CurrentBuild |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: rundll32.exe |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: "taskkill /f /im " |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: " && timeout 1 && del |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: && Exit" |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: " && ren |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: Powershell.exe |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: -executionpolicy remotesigned -File " |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: shutdown -s -t 0 |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: random |
Source: 14.2.cmd.exe.59000c8.7.unpack |
String decryptor: 64q}cZ |
Source: Yara match |
File source: 5.2.SoundTune.exe.278ae41be5f.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 6.2.SoundTune.exe.2a37f9e925f.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.cmd.exe.532b378.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.2.explorer.exe.47f3f78.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 18.2.explorer.exe.4ca8a8a.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SoundTune.exe.22584b96971.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.2.explorer.exe.47afa8a.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.explorer.exe.491fa8a.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SoundTune.exe.22584bdae5f.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.cmd.exe.4ae3378.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.2.SoundTune.exe.278ae41b25f.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 6.2.SoundTune.exe.2a37f9e9e5f.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.cmd.exe.532bf78.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.2.cmd.exe.5465378.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.2.cmd.exe.5465f78.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.explorer.exe.4963378.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 18.2.explorer.exe.4cec378.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 13.2.SoundTune.exe.25b71315e5f.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.SoundTune.exe.22584bda25f.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.cmd.exe.4a9fa8a.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.cmd.exe.4ae3f78.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.2.cmd.exe.5421a8a.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 16.2.explorer.exe.47f3378.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 13.2.SoundTune.exe.25b7131525f.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 18.2.explorer.exe.4cecf78.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 17.2.explorer.exe.4963f78.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 6.2.SoundTune.exe.2a37f9a5971.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 13.2.SoundTune.exe.25b712d1971.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 5.2.SoundTune.exe.278ae3d7971.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.cmd.exe.52e7a8a.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000007.00000002.2413913656.000000000541B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000010.00000002.2330168207.00000000047A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000E.00000002.2478639571.00000000052E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.2243163643.00000278AB600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000D.00000002.2254650455.0000025B712CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000012.00000002.2478523985.0000000004CA2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000011.00000002.2414793420.0000000004919000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: SoundTune.exe PID: 4404, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: cmd.exe PID: 3252, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: SoundTune.exe PID: 6360, type: MEMORYSTR |
Source: Yara match |
File source: Process Memory Space: SoundTune.exe PID: 2448, type: MEMORYSTR |
Source: |
Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdbP source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdb source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdbUGP source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdb source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0A |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0C |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0L |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.digicert.com0X |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://s2.symcb.com0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://sv.symcd.com0& |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584A36000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A50000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE277000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F845000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.info-zip.org/ |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.symauth.com/cps0( |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.symauth.com/rpa00 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.vmware.com/0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://www.vmware.com/0/ |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://bitsum.com0/ |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d.symcb.com/cps0% |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://d.symcb.com/rpa0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.wxwidgets.org/latest/classwx_system_options.html |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://docs.wxwidgets.org/latest/plat_msw_install.html#msw_manifest |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 5.2.SoundTune.exe.278ae41be5f.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 6.2.SoundTune.exe.2a37f9e925f.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.532b378.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 16.2.explorer.exe.47f3f78.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 18.2.explorer.exe.4ca8a8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SoundTune.exe.22584b96971.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 16.2.explorer.exe.47afa8a.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 17.2.explorer.exe.491fa8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SoundTune.exe.22584bdae5f.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.cmd.exe.4ae3378.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 5.2.SoundTune.exe.278ae41b25f.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 6.2.SoundTune.exe.2a37f9e9e5f.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.532bf78.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 7.2.cmd.exe.5465378.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 7.2.cmd.exe.5465f78.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 17.2.explorer.exe.4963378.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 18.2.explorer.exe.4cec378.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 13.2.SoundTune.exe.25b71315e5f.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SoundTune.exe.22584bda25f.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.cmd.exe.4a9fa8a.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.cmd.exe.4ae3f78.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 7.2.cmd.exe.5421a8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 16.2.explorer.exe.47f3378.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 13.2.SoundTune.exe.25b7131525f.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 18.2.explorer.exe.4cecf78.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 17.2.explorer.exe.4963f78.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 6.2.SoundTune.exe.2a37f9a5971.5.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 13.2.SoundTune.exe.25b712d1971.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 5.2.SoundTune.exe.278ae3d7971.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.52e7a8a.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 5.2.SoundTune.exe.278ae41be5f.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.SoundTune.exe.2a37f9e925f.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.532b378.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 16.2.explorer.exe.47f3f78.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 18.2.explorer.exe.4ca8a8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SoundTune.exe.22584b96971.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 16.2.explorer.exe.47afa8a.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 17.2.explorer.exe.491fa8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SoundTune.exe.22584bdae5f.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.4ae3378.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 5.2.SoundTune.exe.278ae41b25f.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.SoundTune.exe.2a37f9e9e5f.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.532bf78.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.cmd.exe.5465378.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.cmd.exe.5465f78.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 17.2.explorer.exe.4963378.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 18.2.explorer.exe.4cec378.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 13.2.SoundTune.exe.25b71315e5f.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SoundTune.exe.22584bda25f.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.4a9fa8a.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.4ae3f78.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.cmd.exe.5421a8a.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 16.2.explorer.exe.47f3378.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 13.2.SoundTune.exe.25b7131525f.4.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 18.2.explorer.exe.4cecf78.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 17.2.explorer.exe.4963f78.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.SoundTune.exe.2a37f9a5971.5.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 13.2.SoundTune.exe.25b712d1971.3.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 5.2.SoundTune.exe.278ae3d7971.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.52e7a8a.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: pla.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: tdh.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: bitsproxy.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: taskschd.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: mstask.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: mpr.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: duser.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: xmllite.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: atlthunk.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: pla.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: tdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: msftedit.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: comsvcs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: cmlua.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: cmutil.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: pla.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: tdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: shdocvw.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: mstask.dll |
|
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: version.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: msimg32.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: winhttp.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: pla.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: tdh.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: cabinet.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: wevtapi.dll |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: winbrand.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: wldp.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: shdocvw.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: kernel.appcore.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: uxtheme.dll |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: mstask.dll |
|
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: aepic.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: aepic.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: aepic.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: urlmon.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wininet.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: sspicli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: iertutil.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: srvcli.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: netutils.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe |
Section loaded: shdocvw.dll |
Jump to behavior |
Source: |
Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdbP source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdb source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdbUGP source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: ntdll.pdbUGP source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: |
Binary string: wntdll.pdb source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: |
Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdb source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CAAF7 pushfd ; ret |
5_2_0000009AC39CAB1B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CC0F8 pushfd ; ret |
5_2_0000009AC39CC0FB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CB0EC pushfd ; ret |
5_2_0000009AC39CB12B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CBEE2 pushfd ; ret |
5_2_0000009AC39CBEE3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CE4E2 pushfd ; ret |
5_2_0000009AC39CE4F3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CF6E2 pushfd ; ret |
5_2_0000009AC39CF6E3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CCCE4 pushfd ; ret |
5_2_0000009AC39CCCBB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CACE4 pushfd ; ret |
5_2_0000009AC39CACFB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CB0DA pushfd ; ret |
5_2_0000009AC39CB0DB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CB4DA pushfd ; ret |
5_2_0000009AC39CB4DB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CE6DB pushfd ; ret |
5_2_0000009AC39CE6FB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39C94DC pushfd ; ret |
5_2_0000009AC39C94FB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CB312 pushfd ; ret |
5_2_0000009AC39CB313 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CA314 pushfd ; ret |
5_2_0000009AC39CA393 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CF314 pushfd ; ret |
5_2_0000009AC39CF323 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CDD0A pushfd ; ret |
5_2_0000009AC39CDD13 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39C950C pushfd ; ret |
5_2_0000009AC39C951B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CD10C pushfd ; ret |
5_2_0000009AC39CD12B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CF308 pushfd ; ret |
5_2_0000009AC39CF313 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CD101 pushfd ; ret |
5_2_0000009AC39CD08B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39C9AFB pushfd ; ret |
5_2_0000009AC39C9B43 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CD538 pushfd ; ret |
5_2_0000009AC39CD53B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CCF32 pushfd ; ret |
5_2_0000009AC39CCF33 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39C932C pushfd ; ret |
5_2_0000009AC39C93C3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39C9F2C pushfd ; ret |
5_2_0000009AC39C9F3B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CD32C pushfd ; ret |
5_2_0000009AC39CD3EB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39C9D24 pushfd ; ret |
5_2_0000009AC39C9D3B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CAB1C pushfd ; ret |
5_2_0000009AC39CAB1B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CAB1C pushfd ; ret |
5_2_0000009AC39CABBB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CC11C pushfd ; ret |
5_2_0000009AC39CC18B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
Code function: 5_2_0000009AC39CC558 pushfd ; ret |
5_2_0000009AC39CC56B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtCreateFile: Direct from: 0x8100000080 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x7FF8B7FF8054 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtReadFile: Direct from: 0x7FF8A88E85FB |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtQuerySystemInformation: Direct from: 0x22581CEA630 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtQuerySystemInformation: Direct from: 0x25B6E3CFCA0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x25B6E3D4D80 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtCreateFile: Direct from: 0x7FF8B7FE78EC |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x22581CEDD20 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x278AB606F30 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtReadFile: Direct from: 0x7FF8B7FE85FB |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x7FF8A88F8054 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x298 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x2A37CC1F722 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x22581CF0760 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtSetTimerEx: Direct from: 0x7FF8C88A26A1 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtCreateFile: Direct from: 0x4800000080 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x22581CF0BB0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x7FF8A88F9B9C |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x7FF8A88F9BF0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x7FF8AC0453D3 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x2A37CC19070 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtCreateFile: Direct from: 0x7FF8A88E85AD |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtCreateFile: Direct from: 0xDB00000080 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtWriteFile: Direct from: 0x25B7189DA30 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtQuerySystemInformation: Direct from: 0x2A37CC13E60 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x2B0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x7FF8C6F6FEE0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x25B6E51BAB0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtWriteFile: Direct from: 0x2A30009DA30 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtQueryInformationToken: Direct from: 0x9AC39CDF70 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtQuerySystemInformation: Direct from: 0x9AC39CF4D0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x7FF8A88F8735 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x278AE438E74 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtCreateFile: Direct from: 0x7FF8B7FE85AD |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0xA0A76ACB |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x278A9BC3CA2 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtWriteFile: Direct from: 0x2258515DA30 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtProtectVirtualMemory: Direct from: 0x2A37CD2BBB0 |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtCreateFile: Direct from: 0x7FF8A88E78EC |
Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x25B6E3F5F32 |
Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe |
NtAllocateVirtualMemory: Direct from: 0x7FF8B7FE856E |
Jump to behavior |