Source: | Binary string: D:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\ESP Valorant C++\Cheat Valorant ESP - Private Store\x64\Release\YARREAK PROJE.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: | Binary string: D:\XD\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb11 source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr |
Source: | Binary string: eD:\BRONKZ BACKUP 16 02 2024\Loaders C# Bronkz Private Store\ESP Valorant C++\Cheat Valorant ESP - Private Store\x64\Release\YARREAK PROJE.pdb3,,GCTL source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: | Binary string: C:\Users\textx\source\repos\democ_free\kernelmod\x64\Release\drv.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.sys.0.dr |
Source: | Binary string: D:\XD\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr |
Source: | Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr |
Source: | Binary string: PwC:\Users\textx\source\repos\democ_free\kernelmod\x64\Release\drv.pdb source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.sys.0.dr |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | File opened: C:\Users\user\AppData |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | File opened: C:\Users\user |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | File opened: C:\Users\user\AppData\Roaming |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr | String found in binary or memory: http://ocsp.thawte.com0 |
Source: bugado.exe, 00000003.00000002.2096634574.0000013A43F3C000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.veH |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, bugado.exe.0.dr, uKPwkwKUWlbmzgNfgIh.3.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Code function: 0_2_00007FF725832D90 GetClientRect,QueryPerformanceCounter,GetKeyState,GetKeyState,GetKeyState,ClientToScreen,SetCursorPos,GetActiveWindow,GetCursorPos,ScreenToClient,GetAsyncKeyState, | 0_2_00007FF725832D90 |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Code function: 3_2_00007FF61758D520 RegCreateKeyW,RegSetKeyValueW,RegCloseKey,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,RegSetKeyValueW,RegCloseKey,RegCloseKey,GetModuleHandleA,GetProcAddress,GetProcAddress,RtlAdjustPrivilege,RtlInitUnicodeString,NtLoadDriver,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, | 3_2_00007FF61758D520 |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Code function: 3_2_00007FF617582A90 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,memset,DeviceIoControl,DeviceIoControl,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, | 3_2_00007FF617582A90 |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Code function: 3_2_00007FF61758DF00 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,VirtualFree,_stricmp,VirtualFree,VirtualFree,_invalid_parameter_noinfo_noreturn, | 3_2_00007FF61758DF00 |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000002.4517982925.00007FF7258AE000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe, 00000000.00000000.2074111889.00007FF7258AD000.00000008.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe |
Source: unknown | Process created: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe "C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe" | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Process created: C:\Windows\SoftwareDistribution\Download\bugado.exe "C:\Windows\SoftwareDistribution\Download\bugado.exe" C:\Windows\SoftwareDistribution\Download\bugado.sys | |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c cls | |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: apphelp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: msvcp140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: dwmapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: d3d9.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: vcruntime140_1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: vcruntime140.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: kernel.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: windows.storage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: wldp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: cryptbase.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: uxtheme.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: propsys.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: profapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: twext.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: cscui.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: windows.staterepositoryps.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: appresolver.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: bcp47langs.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: slc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: userenv.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: sppc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: policymanager.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: msvcp110_win.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: workfoldersshell.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: ntshrui.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: sspicli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: windows.fileexplorer.common.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: iertutil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: srvcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: cscapi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: twinapi.appcore.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: textshaping.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: version.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: wtsapi32.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: msasn1.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: starttiledata.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: coremessaging.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: usermgrcli.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: usermgrproxy.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: acppage.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: sfc.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: msi.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: aepic.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: ntmarta.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: cryptsp.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: sfc_os.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: edputil.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: urlmon.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: netutils.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: wintypes.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: onecorecommonproxystub.dll |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Section loaded: onecoreuapcommonproxystub.dll |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Section loaded: apphelp.dll |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Section loaded: msvcp140.dll |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Section loaded: vcruntime140_1.dll |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Section loaded: vcruntime140.dll |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Section loaded: kernel.appcore.dll |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Code function: 0_2_00007FF725833B70 system,system,system,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,Sleep,exit,GetModuleHandleA,GetProcAddress,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapReAlloc,GetProcessHeap,HeapReAlloc,system,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,system,system,?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A,Sleep,exit, | 0_2_00007FF725833B70 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Code function: 0_2_00007FF725836EC0 SetUnhandledExceptionFilter, | 0_2_00007FF725836EC0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Code function: 0_2_00007FF7258371F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 0_2_00007FF7258371F0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.Variant.Doina.72984.2628.5521.exe | Code function: 0_2_00007FF725836D18 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 0_2_00007FF725836D18 |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Code function: 3_2_00007FF617589D10 SetUnhandledExceptionFilter,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,memcmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, | 3_2_00007FF617589D10 |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Code function: 3_2_00007FF61758F884 SetUnhandledExceptionFilter, | 3_2_00007FF61758F884 |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Code function: 3_2_00007FF61758F6D8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, | 3_2_00007FF61758F6D8 |
Source: C:\Windows\SoftwareDistribution\Download\bugado.exe | Code function: 3_2_00007FF61758F140 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, | 3_2_00007FF61758F140 |