Source: wget.exe, 00000002.00000002.1786260445.0000000000108000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.z |
Source: wget.exe, 00000002.00000002.1786486811.0000000000F80000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1786486811.0000000000F85000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000002.1786541003.0000000002AED000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1786130450.0000000002AEA000.00000004.00000020.00020000.00000000.sdmp, cmdline.out.0.dr |
String found in binary or memory: http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip |
Source: wget.exe, 00000002.00000002.1786486811.0000000000F80000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipESSOR |
Source: wget.exe, 00000002.00000002.1786541003.0000000002AED000.00000004.00000020.00020000.00000000.sdmp, wget.exe, 00000002.00000003.1786130450.0000000002AEA000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipX |
Source: wget.exe, 00000002.00000002.1786486811.0000000000F80000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipamData |
Source: cmdline.out.0.dr |
String found in binary or memory: https://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip |
Source: wget.exe, 00000002.00000002.1786486811.0000000000F85000.00000004.00000020.00020000.00000000.sdmp |
String found in binary or memory: https://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zipzip |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7252:120:WilError_03 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1196:120:WilError_03 |
Source: C:\Windows\System32\OpenWith.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7604:120:WilError_03 |
Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip" > cmdline.out 2>&1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip" |
|
Source: unknown |
Process created: C:\Windows\SysWOW64\7za.exe 7za x -y -pinfected -o"C:\Users\user\Desktop\extract" "C:\Users\user\Desktop\download\n64-resident-evil-2.zip" |
|
Source: C:\Windows\SysWOW64\7za.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Windows\System32\OpenWith.exe C:\Windows\system32\OpenWith.exe -Embedding |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -T 60 -P "C:\Users\user\Desktop\download" --no-check-certificate --content-disposition --user-agent="Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; AS; rv:11.0) like Gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip" |
Jump to behavior |
Source: C:\Windows\SysWOW64\cmd.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: mswsock.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: dnsapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: iphlpapi.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: rasadhlp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: fwpuclnt.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: cryptsp.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: rsaenh.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: cryptbase.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: msasn1.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Section loaded: explorerframe.dll |
Jump to behavior |
Source: C:\Windows\SysWOW64\7za.exe |
Section loaded: 7z.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uxtheme.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: onecoreuapcommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.storage.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wldp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinui.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wintypes.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: powrprof.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dwmapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: pdh.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: umpdc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: onecorecommonproxystub.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: actxprxy.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: propsys.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepositoryps.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.appdefaults.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.immersive.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: profapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: ntmarta.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uiautomationcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dui70.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: duser.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dwrite.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: bcp47mrm.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: uianimation.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: d3d11.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dxgi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: d3d10warp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: resourcepolicyclient.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dxcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: dcomp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: oleacc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: edputil.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.ui.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windowmanagementapi.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: textinputframework.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: inputhost.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: twinapi.appcore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coremessaging.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: coreuicomponents.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windowscodecs.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: thumbcache.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: policymanager.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: msvcp110_win.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: appresolver.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: bcp47langs.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: slc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: userenv.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sppc.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: tiledatarepository.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: staterepository.core.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepository.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: wtsapi32.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: windows.staterepositorycore.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: mrmcorer.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: sxs.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: directmanipulation.dll |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Section loaded: textshaping.dll |
Jump to behavior |
Source: unknown |
Process created: C:\Windows\SysWOW64\cmd.exe c:\windows\system32\cmd.exe /c wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip" > cmdline.out 2>&1 |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip" |
|
Source: C:\Windows\SysWOW64\cmd.exe |
Process created: C:\Windows\SysWOW64\wget.exe wget -t 2 -v -t 60 -p "c:\users\user\desktop\download" --no-check-certificate --content-disposition --user-agent="mozilla/5.0 (windows nt 6.1; wow64; trident/7.0; as; rv:11.0) like gecko" "http://emulatorgames.onl/assets/games/n64-resident-evil-2/n64-resident-evil-2.zip" |
Jump to behavior |
Source: C:\Windows\SysWOW64\wget.exe |
Queries volume information: C:\Users\user\Desktop\download VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation |
Jump to behavior |
Source: C:\Windows\System32\OpenWith.exe |
Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation |
Jump to behavior |