Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: responsibilitybridge.com |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: /8BvxwQdec3/index.php |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: S-%lu- |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: 33a59d2d44 |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Dctooux.exe |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Startup |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: cmd /C RMDIR /s/q |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: rundll32 |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Programs |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: %USERPROFILE% |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: cred.dll|clip.dll| |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: http:// |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: https:// |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: /Plugins/ |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: &unit= |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: shell32.dll |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: kernel32.dll |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: GetNativeSystemInfo |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: ProgramData\ |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: AVAST Software |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Kaspersky Lab |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Panda Security |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Doctor Web |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: 360TotalSecurity |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Bitdefender |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Norton |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Sophos |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Comodo |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: WinDefender |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: 0123456789 |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Content-Type: multipart/form-data; boundary=---- |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: ------ |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: ?scr=1 |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Content-Type: application/x-www-form-urlencoded |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: ComputerName |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: abcdefghijklmnopqrstuvwxyz0123456789-_ |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: -unicode- |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SYSTEM\CurrentControlSet\Control\UnitedVideo\CONTROL\VIDEO\ |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SYSTEM\ControlSet001\Services\BasicDisplay\Video |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: VideoID |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: DefaultSettings.XResolution |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: DefaultSettings.YResolution |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: SOFTWARE\Microsoft\Windows NT\CurrentVersion |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: ProductName |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: CurrentBuild |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: rundll32.exe |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: "taskkill /f /im " |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: " && timeout 1 && del |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: && Exit" |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: " && ren |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: Powershell.exe |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: -executionpolicy remotesigned -File " |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: shutdown -s -t 0 |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: random |
Source: 14.2.cmd.exe.59000c8.7.unpack | String decryptor: 64q}cZ |
Source: Yara match | File source: 5.2.SoundTune.exe.278ae41be5f.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.SoundTune.exe.2a37f9e925f.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.cmd.exe.532b378.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.explorer.exe.47f3f78.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.explorer.exe.4ca8a8a.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SoundTune.exe.22584b96971.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.explorer.exe.47afa8a.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.explorer.exe.491fa8a.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SoundTune.exe.22584bdae5f.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.cmd.exe.4ae3378.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.SoundTune.exe.278ae41b25f.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.SoundTune.exe.2a37f9e9e5f.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.cmd.exe.532bf78.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 7.2.cmd.exe.5465378.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 7.2.cmd.exe.5465f78.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.explorer.exe.4963378.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.explorer.exe.4cec378.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.SoundTune.exe.25b71315e5f.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.SoundTune.exe.22584bda25f.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.cmd.exe.4a9fa8a.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 2.2.cmd.exe.4ae3f78.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 7.2.cmd.exe.5421a8a.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 16.2.explorer.exe.47f3378.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.SoundTune.exe.25b7131525f.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 18.2.explorer.exe.4cecf78.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 17.2.explorer.exe.4963f78.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 6.2.SoundTune.exe.2a37f9a5971.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 13.2.SoundTune.exe.25b712d1971.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 5.2.SoundTune.exe.278ae3d7971.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 14.2.cmd.exe.52e7a8a.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 00000007.00000002.2413913656.000000000541B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000010.00000002.2330168207.00000000047A9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000E.00000002.2478639571.00000000052E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.2243163643.00000278AB600000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 0000000D.00000002.2254650455.0000025B712CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000012.00000002.2478523985.0000000004CA2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000011.00000002.2414793420.0000000004919000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: SoundTune.exe PID: 4404, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: cmd.exe PID: 3252, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: SoundTune.exe PID: 6360, type: MEMORYSTR |
Source: Yara match | File source: Process Memory Space: SoundTune.exe PID: 2448, type: MEMORYSTR |
Source: | Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdbP source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: wntdll.pdbUGP source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdbUGP source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: wntdll.pdb source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdb source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCodeSigningCA-1.crt0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0 |
Source: SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/assured-cs-g1.crl00 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0: |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0= |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/assured-cs-g1.crl0L |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0C |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0L |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0O |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://s1.symcb.com/pca3-g5.crl0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://s2.symcb.com0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crl0a |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcb.com/sv.crt0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://sv.symcd.com0& |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584A36000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A50000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE277000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F845000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.info-zip.org/ |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.symauth.com/cps0( |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.symauth.com/rpa00 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.vmware.com/0 |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.vmware.com/0/ |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://bitsum.com0/ |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/cps0% |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://d.symcb.com/rpa0 |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.wxwidgets.org/latest/classwx_system_options.html |
Source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://docs.wxwidgets.org/latest/plat_msw_install.html#msw_manifest |
Source: SoundTune.exe, 00000000.00000002.2053261362.0000022584B90000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330278372.0000000004A99000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2244717993.00000278AE3D1000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2201257984.000002A37F99F000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.digicert.com/CPS0 |
Source: 5.2.SoundTune.exe.278ae41be5f.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 6.2.SoundTune.exe.2a37f9e925f.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.532b378.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 16.2.explorer.exe.47f3f78.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 18.2.explorer.exe.4ca8a8a.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SoundTune.exe.22584b96971.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 16.2.explorer.exe.47afa8a.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 17.2.explorer.exe.491fa8a.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SoundTune.exe.22584bdae5f.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.cmd.exe.4ae3378.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 5.2.SoundTune.exe.278ae41b25f.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 6.2.SoundTune.exe.2a37f9e9e5f.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.532bf78.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 7.2.cmd.exe.5465378.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 7.2.cmd.exe.5465f78.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 17.2.explorer.exe.4963378.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 18.2.explorer.exe.4cec378.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 13.2.SoundTune.exe.25b71315e5f.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 0.2.SoundTune.exe.22584bda25f.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.cmd.exe.4a9fa8a.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 2.2.cmd.exe.4ae3f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 7.2.cmd.exe.5421a8a.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 16.2.explorer.exe.47f3378.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 13.2.SoundTune.exe.25b7131525f.4.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 18.2.explorer.exe.4cecf78.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 17.2.explorer.exe.4963f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 6.2.SoundTune.exe.2a37f9a5971.5.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 13.2.SoundTune.exe.25b712d1971.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 5.2.SoundTune.exe.278ae3d7971.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 14.2.cmd.exe.52e7a8a.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen |
Source: 5.2.SoundTune.exe.278ae41be5f.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.SoundTune.exe.2a37f9e925f.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.532b378.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 16.2.explorer.exe.47f3f78.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 18.2.explorer.exe.4ca8a8a.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SoundTune.exe.22584b96971.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 16.2.explorer.exe.47afa8a.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 17.2.explorer.exe.491fa8a.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SoundTune.exe.22584bdae5f.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.4ae3378.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 5.2.SoundTune.exe.278ae41b25f.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.SoundTune.exe.2a37f9e9e5f.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.532bf78.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.cmd.exe.5465378.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.cmd.exe.5465f78.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 17.2.explorer.exe.4963378.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 18.2.explorer.exe.4cec378.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 13.2.SoundTune.exe.25b71315e5f.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 0.2.SoundTune.exe.22584bda25f.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.4a9fa8a.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 2.2.cmd.exe.4ae3f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 7.2.cmd.exe.5421a8a.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 16.2.explorer.exe.47f3378.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 13.2.SoundTune.exe.25b7131525f.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 18.2.explorer.exe.4cecf78.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 17.2.explorer.exe.4963f78.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 6.2.SoundTune.exe.2a37f9a5971.5.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 13.2.SoundTune.exe.25b712d1971.3.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 5.2.SoundTune.exe.278ae3d7971.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: 14.2.cmd.exe.52e7a8a.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: pla.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: pdh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: bitsproxy.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: taskschd.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: mstask.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: mpr.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: apphelp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: duser.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: xmllite.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: atlthunk.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: textshaping.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: textinputframework.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: coreuicomponents.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: wintypes.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: pla.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: pdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: msftedit.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: comsvcs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: rsaenh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: cryptbase.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: cmlua.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: cmutil.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: pla.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: pdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: shdocvw.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: mstask.dll | |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: oleacc.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: version.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: msimg32.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: winhttp.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: windowscodecs.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: pla.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: pdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: tdh.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: cabinet.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: wevtapi.dll | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: winbrand.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: wldp.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: shdocvw.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: kernel.appcore.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: uxtheme.dll | |
Source: C:\Windows\SysWOW64\cmd.exe | Section loaded: mstask.dll | |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: aepic.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: aepic.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: aepic.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: userenv.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iphlpapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: powrprof.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dxgi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: propsys.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: coremessaging.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: urlmon.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: windows.storage.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wtsapi32.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wininet.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: uxtheme.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: dwmapi.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: sspicli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: kernel.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: twinapi.appcore.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: ntmarta.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: cryptsp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: wldp.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: iertutil.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: srvcli.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: netutils.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: umpdc.dll | Jump to behavior |
Source: C:\Windows\SysWOW64\explorer.exe | Section loaded: shdocvw.dll | Jump to behavior |
Source: | Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdbP source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdb source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: wntdll.pdbUGP source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: ntdll.pdbUGP source: SoundTune.exe, 00000000.00000002.2053080712.00000225847BD000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053813920.00000225854C7000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2053553749.00000225852C0000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245550366.00000278AE900000.00000004.00000800.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2243362804.00000278AB904000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000002.2245920757.00000278AEB03000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2200873633.000002A37F5C2000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199453732.000002A30040E000.00000004.00000001.00020000.00000000.sdmp, SoundTune.exe, 00000006.00000002.2199258711.000002A300200000.00000004.00000800.00020000.00000000.sdmp |
Source: | Binary string: wntdll.pdb source: cmd.exe, 00000002.00000002.2330127502.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, cmd.exe, 00000002.00000002.2330397398.0000000004B70000.00000004.00001000.00020000.00000000.sdmp |
Source: | Binary string: D:\a\treesheets\treesheets\TS\TreeSheets.pdb source: SoundTune.exe, 00000000.00000002.2052148275.0000022583B6A000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000000.00000002.2054568199.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000000.00000000.2036588675.00007FF77A8E9000.00000002.00000001.01000000.00000003.sdmp, SoundTune.exe, 00000005.00000002.2243607521.00000278AD563000.00000004.00000020.00020000.00000000.sdmp, SoundTune.exe, 00000005.00000000.2166738092.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000005.00000002.2246810793.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2202817464.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000000.2168813639.00007FF6FE3D9000.00000002.00000001.01000000.0000000A.sdmp, SoundTune.exe, 00000006.00000002.2200022527.000002A37E98C000.00000004.00000020.00020000.00000000.sdmp |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CAAF7 pushfd ; ret | 5_2_0000009AC39CAB1B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CC0F8 pushfd ; ret | 5_2_0000009AC39CC0FB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CB0EC pushfd ; ret | 5_2_0000009AC39CB12B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CBEE2 pushfd ; ret | 5_2_0000009AC39CBEE3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CE4E2 pushfd ; ret | 5_2_0000009AC39CE4F3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CF6E2 pushfd ; ret | 5_2_0000009AC39CF6E3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CCCE4 pushfd ; ret | 5_2_0000009AC39CCCBB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CACE4 pushfd ; ret | 5_2_0000009AC39CACFB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CB0DA pushfd ; ret | 5_2_0000009AC39CB0DB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CB4DA pushfd ; ret | 5_2_0000009AC39CB4DB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CE6DB pushfd ; ret | 5_2_0000009AC39CE6FB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39C94DC pushfd ; ret | 5_2_0000009AC39C94FB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CB312 pushfd ; ret | 5_2_0000009AC39CB313 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CA314 pushfd ; ret | 5_2_0000009AC39CA393 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CF314 pushfd ; ret | 5_2_0000009AC39CF323 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CDD0A pushfd ; ret | 5_2_0000009AC39CDD13 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39C950C pushfd ; ret | 5_2_0000009AC39C951B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CD10C pushfd ; ret | 5_2_0000009AC39CD12B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CF308 pushfd ; ret | 5_2_0000009AC39CF313 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CD101 pushfd ; ret | 5_2_0000009AC39CD08B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39C9AFB pushfd ; ret | 5_2_0000009AC39C9B43 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CD538 pushfd ; ret | 5_2_0000009AC39CD53B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CCF32 pushfd ; ret | 5_2_0000009AC39CCF33 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39C932C pushfd ; ret | 5_2_0000009AC39C93C3 |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39C9F2C pushfd ; ret | 5_2_0000009AC39C9F3B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CD32C pushfd ; ret | 5_2_0000009AC39CD3EB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39C9D24 pushfd ; ret | 5_2_0000009AC39C9D3B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CAB1C pushfd ; ret | 5_2_0000009AC39CAB1B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CAB1C pushfd ; ret | 5_2_0000009AC39CABBB |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CC11C pushfd ; ret | 5_2_0000009AC39CC18B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | Code function: 5_2_0000009AC39CC558 pushfd ; ret | 5_2_0000009AC39CC56B |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtCreateFile: Direct from: 0x8100000080 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x7FF8B7FF8054 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtReadFile: Direct from: 0x7FF8A88E85FB | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtQuerySystemInformation: Direct from: 0x22581CEA630 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtQuerySystemInformation: Direct from: 0x25B6E3CFCA0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x25B6E3D4D80 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtCreateFile: Direct from: 0x7FF8B7FE78EC | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x22581CEDD20 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x278AB606F30 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtReadFile: Direct from: 0x7FF8B7FE85FB | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x7FF8A88F8054 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x298 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x2A37CC1F722 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x22581CF0760 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtSetTimerEx: Direct from: 0x7FF8C88A26A1 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtCreateFile: Direct from: 0x4800000080 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x22581CF0BB0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x7FF8A88F9B9C | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x7FF8A88F9BF0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x7FF8AC0453D3 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x2A37CC19070 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtCreateFile: Direct from: 0x7FF8A88E85AD | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtCreateFile: Direct from: 0xDB00000080 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtWriteFile: Direct from: 0x25B7189DA30 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtQuerySystemInformation: Direct from: 0x2A37CC13E60 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x2B0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x7FF8C6F6FEE0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x25B6E51BAB0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtWriteFile: Direct from: 0x2A30009DA30 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtQueryInformationToken: Direct from: 0x9AC39CDF70 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtQuerySystemInformation: Direct from: 0x9AC39CF4D0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x7FF8A88F8735 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x278AE438E74 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtCreateFile: Direct from: 0x7FF8B7FE85AD | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0xA0A76ACB | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x278A9BC3CA2 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtWriteFile: Direct from: 0x2258515DA30 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtProtectVirtualMemory: Direct from: 0x2A37CD2BBB0 | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtCreateFile: Direct from: 0x7FF8A88E78EC | Jump to behavior |
Source: C:\Users\user\AppData\Roaming\updatefa\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x25B6E3F5F32 | Jump to behavior |
Source: C:\Users\user\Desktop\SoundTune.exe | NtAllocateVirtualMemory: Direct from: 0x7FF8B7FE856E | Jump to behavior |