Source: avz.exe |
Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0040E718 FindFirstFileW,FindClose, |
0_2_0040E718 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0040E14C GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW, |
0_2_0040E14C |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00424B74 FindFirstFileW,FindClose, |
0_2_00424B74 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00424D58 FindFirstFileW,FindClose, |
0_2_00424D58 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00422AAC GetLogicalDriveStringsW,QueryDosDeviceW, |
0_2_00422AAC |
Source: avz.exe, avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://whitelist.kaspersky.com/application?MD5= |
Source: avz.exe, 00000000.00000002.2857267956.0000000000960000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.kaspersky.ru/ |
Source: avz.exe, 00000000.00000002.2857267956.0000000000960000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.z-oleg.com/secur/avz/report.php |
Source: avz.exe, 00000000.00000002.2857267956.0000000000960000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.z-oleg.com/secur/avz_up5/ |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://z-oleg.com/secur/avz/ |
Source: avz.exe, 00000000.00000002.2857267956.0000000000960000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://z-oleg.com/secur/avz/uploadvir.php |
Source: avz.exe, 00000000.00000002.2857267956.0000000000960000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://z-oleg.com/secur/avz_doc/ |
Source: avz.exe, avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://nova.rambler.ru/search?query= |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://nova.rambler.ru/search?query=U |
Source: avz.exe, avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.google.ru/search?hl=ru&q= |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.google.ru/search?hl=ru&q=U |
Source: avz.exe |
String found in binary or memory: https://www.kaspersky.com/ |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.kaspersky.com/U |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.kaspersky.com/https://www.kaspersky.ru/U |
Source: avz.exe |
String found in binary or memory: https://www.kaspersky.ru/ |
Source: avz.exe |
String found in binary or memory: https://www.z-oleg.com/secur/avz/report.php |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.z-oleg.com/secur/avz/report.phpU |
Source: avz.exe, avz.exe, 00000000.00000002.2857267956.0000000000960000.00000040.00000001.01000000.00000003.sdmp, avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.z-oleg.com/secur/avz_up5/ |
Source: avz.exe |
String found in binary or memory: https://z-oleg.com/secur/avz |
Source: avz.exe |
String found in binary or memory: https://z-oleg.com/secur/avz/upload_qr.php |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://z-oleg.com/secur/avz/upload_qr.phpU |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://z-oleg.com/secur/avzU |
Source: avz.exe |
String found in binary or memory: https://z-oleg.com/secur/avz_doc/ |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://z-oleg.com/secur/avz_doc/U |
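The entries above are the two-column "Source | finding" rows of an automated sandbox report, flattened to one cell per line, and the URL strings in them repeat with small variations: the same endpoint with http:// and https://, a copy with a stray trailing "U", and two URLs glued into one string. The block below is an added example for triaging such a dump; it is not part of the report and not code from AVZ or the sandbox vendor. It parses rows in that shape, drops the "Jump to behavior" link text, groups findings by label, and collapses the URL strings to one entry per host. Treating the trailing "U" and the glued pair as string-sweep artefacts is an assumption about how the report was produced, so the "U" is only dropped when the same URL without it also occurs. The sample rows are constructed from lines on this page.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: rows copied from the report above, one cell per line,
# each cell terminated by " |" exactly as the flattened table prints them.
SAMPLE_ROWS = """\
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.kaspersky.com/U |
Source: avz.exe |
String found in binary or memory: https://www.kaspersky.com/ |
Source: avz.exe |
String found in binary or memory: https://www.kaspersky.ru/ |
Source: avz.exe, 00000000.00000002.2857267956.0000000000960000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: http://www.z-oleg.com/secur/avz/report.php |
Source: avz.exe |
String found in binary or memory: https://www.z-oleg.com/secur/avz/report.php |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.kaspersky.com/https://www.kaspersky.ru/U |
Source: avz.exe, avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.google.ru/search?hl=ru&q= |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
String found in binary or memory: https://www.google.ru/search?hl=ru&q=U |
Source: C:\\Users\\user\\Desktop\\avz.exe |
Process token adjusted: Load Driver |
Jump to behavior |
Source: C:\\Users\\user\\Desktop\\avz.exe |
Section loaded: wininet.dll |
Jump to behavior |
"""

# Link text from the interactive report that carries no finding of its own.
LINK_RESIDUE = {"Jump to behavior"}
URL_RE = re.compile(r"https?://[^\s|]+")
STRING_KIND = "String found in binary or memory"


def parse_rows(text):
    """Return (source, finding) pairs from the flattened two-column table.

    A 'Source: ...' cell opens a row; the next non-residue cell is its finding.
    The trailing ' |' cell separator is stripped from every cell.
    """
    rows, source = [], None
    for raw in text.splitlines():
        cell = raw.strip()
        if cell.endswith("|"):
            cell = cell[:-1].rstrip()
        if not cell or cell in LINK_RESIDUE:
            continue
        if cell.startswith("Source: "):
            source = cell[len("Source: "):]
        elif source is not None:
            rows.append((source, cell))
    return rows


def group_by_kind(rows):
    """Group finding values by their label (the text before the first ': ')."""
    groups = defaultdict(list)
    for _, finding in rows:
        kind, _, value = finding.partition(": ")
        groups[kind].append(value)
    return dict(groups)


def unique_urls(rows):
    """Collapse the 'String found' URLs to one entry per host.

    Assumptions about the string sweep, not documented behaviour: adjacent
    strings are sometimes glued ('...kaspersky.com/https://...'), and a stray
    trailing 'U' is appended to some strings. The 'U' is dropped only when the
    same URL without it also occurs, so a URL that really ends in 'U' survives.
    """
    raw = []
    for _, finding in rows:
        kind, _, value = finding.partition(": ")
        if kind != STRING_KIND:
            continue
        for part in re.split(r"(?=https?://)", value):
            if URL_RE.fullmatch(part):
                raw.append(part)
    seen = set(raw)
    hosts = defaultdict(lambda: {"schemes": set(), "paths": set()})
    for url in raw:
        if url.endswith("U") and url[:-1] in seen:
            url = url[:-1]
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host.startswith("www."):
            host = host[4:]
        path = parts.path + ("?" + parts.query if parts.query else "")
        hosts[host]["schemes"].add(parts.scheme)
        hosts[host]["paths"].add(path)
    return {h: {"schemes": sorted(v["schemes"]), "paths": sorted(v["paths"])}
            for h, v in sorted(hosts.items())}


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_ROWS)
    for host, info in unique_urls(rows).items():
        print(host, info["schemes"], info["paths"])
    print(group_by_kind(rows)["Process token adjusted"])
```

The per-host view keeps the scheme set on purpose: the report shows the z-oleg.com report endpoint with both http:// and https:// variants, and whether the tool will actually fall back to plaintext is something to confirm in a network capture rather than infer from strings.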
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_004412E8 |
0_2_004412E8 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0040CBA4 |
0_2_0040CBA4 |
Source: C:\Users\user\Desktop\avz.exe |
Process token adjusted: Load Driver |
Source: avz.exe |
Static PE information: Resource name: RT_BITMAP type: 68K BCS executable |
Source: avz.exe |
Static PE information: Resource name: RT_STRING type: DOS executable (COM) |
Source: avz.exe |
Static PE information: Resource name: RT_STRING type: DOS executable (COM) |
Source: avz.exe |
Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant) |
Source: avz.exe |
Static PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant) |
Source: avz.exe |
Binary or memory string: OriginalFilename vs avz.exe |
Source: avz.exe, 00000000.00000002.2859328721.000000000A533000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: OriginalFilenamecomctl32.DLL.MUIj% vs avz.exe |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilename vs avz.exe |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameU vs avz.exe |
Source: avz.exe |
Static PE information: Section: UPX1 ZLIB complexity 0.9887729595035105 |
Source: classification engine |
Classification label: sus25.evad.winEXE@1/0@0/0 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00425874 GetDiskFreeSpaceW, |
0_2_00425874 |
Source: C:\Users\user\Desktop\avz.exe |
File created: C:\Users\user\Desktop\BASE |
Source: Yara match |
File source: 0.2.avz.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\avz.exe |
Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales |
Source: C:\Users\user\Desktop\avz.exe |
File read: C:\Windows\win.ini |
Source: C:\Users\user\Desktop\avz.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: avz.exe |
String found in binary or memory: NATS-SEFI-ADD |
Source: avz.exe |
String found in binary or memory: NATS-DANO-ADD |
Source: avz.exe |
String found in binary or memory: </InstalledProg> |
Source: avz.exe |
String found in binary or memory: JIS_C6229-1984-b-add |
Source: avz.exe |
String found in binary or memory: jp-ocr-b-add |
Source: avz.exe |
String found in binary or memory: JIS_C6229-1984-hand-add |
Source: avz.exe |
String found in binary or memory: jp-ocr-hand-add |
Source: avz.exe |
String found in binary or memory: ISO_6937-2-add |
Source: avz.exe |
String found in binary or memory: MAIN-START |
Source: avz.exe |
String found in binary or memory: switch></addop><mulop><switch><char text="*" add="op"/><char text="/" add="op"/><keyword text="DIV" add="op" addtext="div"/><keywo |
Source: C:\Users\user\Desktop\avz.exe |
File read: C:\Users\user\Desktop\avz.exe |
Source: C:\Users\user\Desktop\avz.exe |
Section loaded (in the order reported): netapi32.dll, version.dll, wininet.dll, wsock32.dll, wkscli.dll, cscapi.dll, uxtheme.dll, kernel.appcore.dll, wtsapi32.dll, winsta.dll, olepro32.dll, riched20.dll, usp10.dll, msls31.dll, dataexchange.dll, d3d11.dll, dcomp.dll, dxgi.dll, twinapi.appcore.dll, windows.storage.dll, wldp.dll, propsys.dll, windowscodecs.dll, profapi.dll, textshaping.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll (listed three times), dwmapi.dll, thumbcache.dll, policymanager.dll, msvcp110_win.dll |
Source: C:\Users\user\Desktop\avz.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9FC8E510-A27C-4B3B-B9A3-BF65F00256A8}\InProcServer32 |
Source: C:\Users\user\Desktop\avz.exe |
Window found: window name: TComboBox |
Source: Window Recorder |
Window detected: More than 3 window changes detected |
Source: avz.exe |
Static file information: File size 1572352 > 1048576 |
Source: avz.exe |
Static PE information: Raw size of UPX1 is bigger than: 0x100000 < 0x175e00 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0043A25C push ecx; mov dword ptr [esp], ecx |
0_2_0043A25F |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00430204 push 004302EFh; ret |
0_2_004302E7 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0046835C push ecx; mov dword ptr [esp], edx |
0_2_0046835D |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0046730C push ecx; mov dword ptr [esp], ecx |
0_2_00467310 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0042A448 push 0042A4E1h; ret |
0_2_0042A4D9 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0046343C push ecx; mov dword ptr [esp], ecx |
0_2_00463440 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0041C4E8 push 0041C520h; ret |
0_2_0041C518 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0041048C push 0041050Fh; ret |
0_2_00410507 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466510 push ecx; mov dword ptr [esp], edx |
0_2_00466511 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466520 push ecx; mov dword ptr [esp], edx |
0_2_00466521 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00465530 push ecx; mov dword ptr [esp], ecx |
0_2_00465534 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_008335F4 push ecx; mov dword ptr [esp], edx |
0_2_008335F5 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466604 push ecx; mov dword ptr [esp], ecx |
0_2_00466608 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_004686F8 push ecx; mov dword ptr [esp], edx |
0_2_004686F9 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00464840 push ecx; mov dword ptr [esp], ecx |
0_2_00464844 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00467828 push ecx; mov dword ptr [esp], edx |
0_2_00467829 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00462888 push 004628DEh; ret |
0_2_004628D6 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466978 push ecx; mov dword ptr [esp], edx |
0_2_00466979 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466988 push ecx; mov dword ptr [esp], edx |
0_2_00466989 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466A6C push ecx; mov dword ptr [esp], ecx |
0_2_00466A70 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00465A2C push ecx; mov dword ptr [esp], eax |
0_2_00465A2E |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0043EB78 push ecx; mov dword ptr [esp], eax |
0_2_0043EB79 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00467B78 push ecx; mov dword ptr [esp], edx |
0_2_00467B79 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0043DB14 push ecx; mov dword ptr [esp], eax |
0_2_0043DB15 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00462C10 push ecx; mov dword ptr [esp], edx |
0_2_00462C11 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00425C18 push ecx; mov dword ptr [esp], ecx |
0_2_00425C1B |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00468D5C push ecx; mov dword ptr [esp], edx |
0_2_00468D5D |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00465DF4 push ecx; mov dword ptr [esp], edx |
0_2_00465DF5 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466DF0 push ecx; mov dword ptr [esp], edx |
0_2_00466DF1 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00466ED4 push ecx; mov dword ptr [esp], ecx |
0_2_00466ED8 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_0043CED0 push 0043CF27h; ret |
0_2_0043CF1F |
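The "push XXXXh; ret" and "push ecx; mov dword ptr [esp], reg" entries above are the sandbox's code-obfuscation heuristic: a push/ret pair is a computed jump, and a push followed by a store into the slot just pushed is a cheap way to reserve and initialise a stack local. Both are routine in compiler output, and the Borland\Delphi\Locales key and the TComboBox window class reported earlier point to a Delphi VCL build, where the push-immediate/ret pair is the usual try/finally shape: the continuation address is pushed before the finally block and the block's ret jumps to it. In every reported pair the pushed address sits a few bytes past the push, consistent with that idiom. The scanner below is an added example, not the report's or AVZ's code. It sweeps a code buffer for push imm32 ... ret pairs and classifies the target: "continuation" when the target is the byte right after the ret (the compiler idiom), "out-of-range" when it leaves the scanned function, which is the case worth opening in a disassembler. The bytes are constructed to mirror the reported pair at 004302E7 and are not taken from avz.exe; the base address is assumed.

```python
import struct

PUSH_IMM32 = 0x68
RET = 0xC3


def scan_push_ret(code, base, window=16):
    """Linear sweep for `push imm32 ... ret` pairs in a code buffer loaded at `base`.

    Each hit records the push and ret addresses, the pushed target and a kind:
      continuation  target is the byte right after the ret (the try/finally idiom)
      in-range      target is elsewhere inside this buffer
      out-of-range  target lies outside the buffer: look at it in a disassembler
    A linear sweep knows no instruction boundaries, so a 0x68 byte inside
    another instruction or in inline data produces a false positive.
    """
    hits, i = [], 0
    while i + 5 <= len(code):
        if code[i] == PUSH_IMM32:
            target = struct.unpack_from("<I", code, i + 1)[0]
            ret_off = code.find(bytes([RET]), i + 5, i + 5 + window)
            if ret_off != -1:
                if target == base + ret_off + 1:
                    kind = "continuation"
                elif base <= target < base + len(code):
                    kind = "in-range"
                else:
                    kind = "out-of-range"
                hits.append({"push": base + i, "ret": base + ret_off,
                             "target": target, "kind": kind})
                i = ret_off + 1
                continue
        i += 1
    return hits


def build_sample():
    """Constructed bytes for one function placed at an assumed base of 0x004302E0.

    The first pair mirrors the reported 'push 004302EFh; ret' at 004302E7; the
    second pushes an address outside the function. None of this is avz.exe code.
    """
    base = 0x004302E0
    code = bytearray(b"\x90" * 7)                     # 004302E0  nop x7 (filler)
    code += b"\x68" + struct.pack("<I", 0x004302EF)   # 004302E7  push 004302EFh
    code += b"\x33\xC0"                               # 004302EC  xor eax,eax (finally body stand-in)
    code += b"\xC3"                                   # 004302EE  ret -> 004302EF
    code += b"\x5D\xC3"                               # 004302EF  pop ebp; ret (the continuation)
    code += b"\x68" + struct.pack("<I", 0x00401000)   # 004302F1  push 00401000h
    code += b"\xC3"                                   # 004302F6  ret -> 00401000, outside this function
    return bytes(code), base


if __name__ == "__main__":
    code, base = build_sample()
    for h in scan_push_ret(code, base):
        print(f"push@{h['push']:08X} ret@{h['ret']:08X} -> {h['target']:08X} {h['kind']}")
```

Run this over the unpacked image (the UPX-compressed UPX1 bytes on disk will not contain these sequences), and treat the "continuation" hits as noise from the compiler; a hit whose target leaves the function, or lands in a section that is not code, is the one to confirm by proper disassembly.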
Source: initial sample |
Static PE information: section name: UPX0 |
Source: initial sample |
Static PE information: section name: UPX1 |
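The static findings on this page (the Characteristics flags RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI; the UPX0/UPX1 section names; a UPX1 raw size of 0x175e00 above 0x100000; a UPX1 "ZLIB complexity" of 0.9888) are the packer heuristics a triage script reproduces from the headers alone. The block below is an added example, not the report's or AVZ's code. It decodes the COFF Characteristics word with the IMAGE_FILE_* bit values from winnt.h, walks the section table with struct, and computes the complexity as compressed size over raw size; that this is the report's definition of the metric is an assumption, but either way a value near 1.0 means the bytes do not compress, which is what packed or encrypted sections look like. The PE it runs on is constructed in memory for header parsing only (no optional header, not a loadable image) and takes nothing from avz.exe.

```python
import hashlib
import struct
import zlib

# IMAGE_FILE_* bits of the COFF Characteristics word (winnt.h).
CHARACTERISTICS = {
    0x0001: "RELOCS_STRIPPED",
    0x0002: "EXECUTABLE_IMAGE",
    0x0004: "LINE_NUMS_STRIPPED",
    0x0008: "LOCAL_SYMS_STRIPPED",
    0x0010: "AGGRESIVE_WS_TRIM",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0080: "BYTES_REVERSED_LO",
    0x0100: "32BIT_MACHINE",
    0x0200: "DEBUG_STRIPPED",
    0x0400: "REMOVABLE_RUN_FROM_SWAP",
    0x0800: "NET_RUN_FROM_SWAP",
    0x1000: "SYSTEM",
    0x2000: "DLL",
    0x4000: "UP_SYSTEM_ONLY",
    0x8000: "BYTES_REVERSED_HI",
}
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def decode_characteristics(word):
    """Names of the set IMAGE_FILE_* bits, lowest bit first."""
    return [name for bit, name in sorted(CHARACTERISTICS.items()) if word & bit]


def zlib_complexity(data):
    """Compressed size over raw size (assumed to be the report's metric).

    Plain code and data compress well (well below 1.0); bytes that are
    already compressed or encrypted come out at or slightly above 1.0.
    """
    if not data:
        return 0.0
    return len(zlib.compress(bytes(data), 9)) / len(data)


def parse_sections(pe):
    """Return (coff_characteristics, [section dicts]) from raw PE bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symptr, _nsym, opt_size, chars = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size          # section table follows the optional header
    sections = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, _, _, _, _, schars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rsize": rsize,
                         "rptr": rptr, "chars": schars})
    return chars, sections


def packer_indicators(pe, big_section=0x100000, complexity_threshold=0.9):
    """Reproduce the static packer heuristics: flags, section names, size, complexity."""
    chars, sections = parse_sections(pe)
    flags = decode_characteristics(chars)
    findings = []
    if "RELOCS_STRIPPED" in flags:
        findings.append("RELOCS_STRIPPED: no relocation data, so the loader cannot rebase the image and ASLR cannot apply")
    for s in sections:
        s["complexity"] = zlib_complexity(pe[s["rptr"]:s["rptr"] + s["rsize"]])
        if s["name"] in UPX_SECTION_NAMES:
            findings.append(f"section name {s['name']}: UPX layout")
        if s["rsize"] > big_section:
            findings.append(f"section {s['name']} raw size 0x{s['rsize']:x} exceeds 0x{big_section:x}")
        if s["complexity"] > complexity_threshold:
            findings.append(f"section {s['name']} zlib complexity {s['complexity']:.4f}: incompressible (packed or encrypted) bytes")
    return {"characteristics": flags, "sections": sections, "findings": findings}


def build_sample_pe():
    """Constructed minimal PE for header parsing only (not a loadable image).

    COFF Characteristics 0x818F is the report's flag set; the two sections are
    named UPX0/UPX1 like the sample's. UPX0 holds zeros, UPX1 a deterministic
    SHA-256 chain standing in for packed code. Nothing here is taken from avz.exe.
    """
    packed = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(4096))  # 128 KiB
    zeros = b"\0" * 4096
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x818F)   # i386, 2 sections, no optional header
    data_start = e_lfanew + 4 + 20 + 2 * 40
    upx0 = struct.pack("<8sIIIIIIHHI", b"UPX0", 0x800000, 0x1000, len(zeros), data_start, 0, 0, 0, 0, 0xE0000080)
    upx1 = struct.pack("<8sIIIIIIHHI", b"UPX1", len(packed), 0x801000, len(packed),
                       data_start + len(zeros), 0, 0, 0, 0, 0xE0000040)
    return dos + b"PE\0\0" + coff + upx0 + upx1 + zeros + packed


if __name__ == "__main__":
    result = packer_indicators(build_sample_pe())
    print(" ".join(result["characteristics"]))
    for f in result["findings"]:
        print("-", f)
```

Two practitioner notes on what these flags mean for this sample: RELOCS_STRIPPED on a 32-bit executable means the image loads at its preferred base and cannot be randomised, so any exploit primitive in it has fixed addresses; and the complexity check must be run on the file as stored, since after UPX unpacks itself in memory the UPX1 region is ordinary Delphi code and compresses normally.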
Source: avz.exe |
Binary or memory string: KeServiceDescriptorTable |
Source: avz.exe, 00000000.00000002.2857267956.0000000000401000.00000040.00000001.01000000.00000003.sdmp |
Binary or memory string: KeServiceDescriptorTable |
Source: C:\Users\user\Desktop\avz.exe |
Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT |
Source: C:\Users\user\Desktop\avz.exe |
Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot |
Source: C:\Users\user\Desktop\avz.exe |
Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX (listed three times) |
Source: C:\Users\user\Desktop\avz.exe |
Process information set: NOOPENFILEERRORBOX (listed eleven times) |
Source: C:\Users\user\Desktop\avz.exe |
API coverage: 9.0 % |
Source: avz.exe, 00000000.00000002.2858364688.0000000001AE3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}T |
Source: avz.exe, 00000000.00000002.2858364688.0000000001AE3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: avz.exe, 00000000.00000002.2858364688.0000000001B53000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: War&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Pro |
Source: avz.exe, 00000000.00000002.2858364688.0000000001AE3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: avz.exe, 00000000.00000002.2858364688.0000000001AE3000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\ |
Source: C:\Users\user\Desktop\avz.exe |
Process token adjusted: Debug |
Source: C:\Users\user\Desktop\avz.exe |
Code function: GetUserDefaultUILanguage,GetLocaleInfoW, |
0_2_0040E850 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, |
0_2_0040DCF0 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: GetLocaleInfoW, |
0_2_00429DD8 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: GetLocaleInfoW, |
0_2_00429E24 |
Source: C:\Users\user\Desktop\avz.exe |
Code function: 0_2_00428164 GetLocalTime, |
0_2_00428164 |
Source: C:\Users\user\Desktop\avz.exe |
Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid |
Source: avz.exe, 00000000.00000002.2858603420.000000000546A000.00000004.00001000.00020000.00000000.sdmp, avz.exe, 00000000.00000002.2858364688.0000000001B10000.00000004.00000020.00020000.00000000.sdmp, avz.exe, 00000000.00000002.2858603420.0000000005478000.00000004.00001000.00020000.00000000.sdmp |
Binary or memory string: C:\Users\user\Desktop\avz.exe |
Source: avz.exe, 00000000.00000002.2857267956.00000000008E6000.00000040.00000001.01000000.00000003.sdmp, avz.exe, 00000000.00000002.2858364688.0000000001B10000.00000004.00000020.00020000.00000000.sdmp |
Binary or memory string: avz.exe |