Source: |
Binary string: D:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\ESP Valorant C++\Cheat Valorant ESP - Private Store\x64\Release\YARREAK PROJE.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: |
Binary string: D:\XD\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb11 source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr |
Source: |
Binary string: eD:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\ESP Valorant C++\Cheat Valorant ESP - Private Store\x64\Release\YARREAK PROJE.pdb3,,GCTL source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: |
Binary string: C:\Users\textx\source\repos\democ_free\kernelmod\x64\Release\drv.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.sys.0.dr |
Source: |
Binary string: D:\XD\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr |
Source: |
Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr |
Source: |
Binary string: PwC:\Users\textx\source\repos\democ_free\kernelmod\x64\Release\drv.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.sys.0.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
File opened: C:\Users\user\AppData |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
File opened: C:\Users\user |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
File opened: C:\Users\user\AppData\Roaming |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
File opened: C:\Users\user\AppData\Roaming\Microsoft |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: bugado.exe, 00000003.00000002.2096634574.0000013A43F3C000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://ocsp.veH |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Code function: 0_2_00007FF725832D90 GetClientRect,QueryPerformanceCounter,GetKeyState,GetKeyState,GetKeyState,ClientToScreen,SetCursorPos,GetActiveWindow,GetCursorPos,ScreenToClient,GetAsyncKeyState, |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Code function: 3_2_00007FF61758D520 RegCreateKeyW,RegSetKeyValueW,RegCloseKey,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,RegSetKeyValueW,RegCloseKey,RegCloseKey,GetModuleHandleA,GetProcAddress,GetProcAddress,RtlAdjustPrivilege,RtlInitUnicodeString,NtLoadDriver,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Code function: 3_2_00007FF617582A90 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,memset,DeviceIoControl,DeviceIoControl,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Code function: 3_2_00007FF61758DF00 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,VirtualFree,_stricmp,VirtualFree,VirtualFree,_invalid_parameter_noinfo_noreturn, |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000002.4517630062.0000023F9BA64000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000003.2394822838.0000023F9BA54000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000002.4517982925.00007FF7258AE000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000003.2394565534.0000023F9BA54000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000000.2074111889.00007FF7258AD000.00000008.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000003.2394918831.0000023F9BA63000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000003.2394884952.0000023F9BA5F000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: OriginalFileName vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe" |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Process created: C:\Windows\SoftwareDistribution\Download\bugado.exe "C:\Windows\SoftwareDistribution\Download\bugado.exe" C:\Windows\SoftwareDistribution\Download\bugado.sys |
|
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c cls |
|
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Section loaded: apphelp.dll, msvcp140.dll, dwmapi.dll, d3d9.dll, vcruntime140_1.dll, vcruntime140.dll, kernel.appcore.dll, windows.storage.dll, wldp.dll, cryptbase.dll, uxtheme.dll, propsys.dll, profapi.dll, twext.dll, cscui.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, policymanager.dll, msvcp110_win.dll, workfoldersshell.dll, ntshrui.dll, sspicli.dll, windows.fileexplorer.common.dll, iertutil.dll, srvcli.dll, cscapi.dll, twinapi.appcore.dll, textshaping.dll, version.dll, wtsapi32.dll, msasn1.dll, starttiledata.dll, coremessaging.dll, usermgrcli.dll, usermgrproxy.dll, acppage.dll, sfc.dll, msi.dll, aepic.dll, ntmarta.dll, cryptsp.dll, sfc_os.dll, edputil.dll, urlmon.dll, netutils.dll, wintypes.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Section loaded: apphelp.dll, msvcp140.dll, vcruntime140_1.dll, vcruntime140.dll, kernel.appcore.dll |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Code function: 0_2_00007FF725833B70 system,system,system,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,Sleep,exit,GetModuleHandleA,GetProcAddress,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapReAlloc,system,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,system,system,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,Sleep,exit, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Code function: 0_2_00007FF725836EC0 SetUnhandledExceptionFilter, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Code function: 0_2_00007FF7258371F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Code function: 0_2_00007FF725836D18 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Code function: 3_2_00007FF617589D10 SetUnhandledExceptionFilter,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,memcmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Code function: 3_2_00007FF61758F884 SetUnhandledExceptionFilter, |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Code function: 3_2_00007FF61758F6D8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe |
Code function: 3_2_00007FF61758F140 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |