Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://fontfabrik.com |
Source: VCPjXmY0pr.exe, 00000000.00000002.685997706.0000000000E1A000.00000004.00000020.sdmp |
String found in binary or memory: http://go.micros |
Source: explorer.exe, 00000001.00000000.666551645.0000000002B50000.00000002.00000001.sdmp |
String found in binary or memory: http://www.%s.comPA |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0 |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.carterandcone.coml |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/? |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers8 |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designers? |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fontbureau.com/designersG |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.fonts.com |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/bThe |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.founder.com.cn/cn/cThe |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/DPlease |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.goodfont.co.kr |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.jiyu-kobo.co.jp/ |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.sajatypeworks.com |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.sakkal.com |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.sandoll.co.kr |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.tiro.com |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.typography.netD |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.urwpp.deDPlease |
Source: explorer.exe, 00000001.00000000.678657512.000000000B976000.00000002.00000001.sdmp |
String found in binary or memory: http://www.zhongyicts.com.cn |
Source: VCPjXmY0pr.exe, 00000000.00000002.688799779.0000000003011000.00000004.00000001.sdmp |
String found in binary or memory: https://jaireve.co/wp-content/languages/index.php |
Source: VCPjXmY0pr.exe, 00000000.00000002.688799779.0000000003011000.00000004.00000001.sdmp |
String found in binary or memory: https://www.weauthenticate.co.uk/wp-content/languages/index.php |
Source: VCPjXmY0pr.exe, 00000000.00000002.688799779.0000000003011000.00000004.00000001.sdmp |
String found in binary or memory: https://www.weauthenticate.co.uk/wp-content/languages/index.php1https://jaireve.co/wp-content/langua |
Source: VCPjXmY0pr.exe, type: SAMPLE |
Matched rule: apt_RU_Turla_Kazuar_DebugView_peFeatures hash2 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, author = JAG-S, description = Turla mimicking SysInternals Tools- peFeatures, version = 2.0, reference = https://www.epicturla.com/blog/sysinturla, score = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c |
Source: VCPjXmY0pr.exe, type: SAMPLE |
Matched rule: APT_MAL_RU_Turla_Kazuar_May20_1 date = 2020-05-28, hash4 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, hash3 = 2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f, hash2 = 1fca5f41211c800830c5f5c3e355d31a05e4c702401a61f11e25387e25eeb7fa, hash1 = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c, author = Florian Roth, description = Detects Turla Kazuar malware, reference = https://www.epicturla.com/blog/sysinturla |
Source: C:\Users\user\AppData\Local\9de699449c084cfcaf7aae165ca409d7\7092ee1bf1e386348e9ed2a7b68b7ab2.dll, type: DROPPED |
Matched rule: Turla_KazuarRAT date = 2018-04-08, hash3 = 4e5a86e33e53931afe25a8cb108f53f9c7e6c6a731b0ef4f72ce638d0ea5c198, hash2 = 7594fab1aadc4fb08fb9dbb27c418e8bc7f08dadb2acf5533dc8560241ecfc1d, hash1 = 6b5d9fca6f49a044fd94c816e258bf50b1e90305d7dab2e0480349e80ed2a0fa, author = Markus Neis / Florian Roth, description = Detects Turla Kazuar RAT described by DrunkBinary, reference = https://twitter.com/DrunkBinary/status/982969891975319553 |
Source: 0.2.VCPjXmY0pr.exe.62480000.1.unpack, type: UNPACKEDPE |
Matched rule: Turla_KazuarRAT date = 2018-04-08, hash3 = 4e5a86e33e53931afe25a8cb108f53f9c7e6c6a731b0ef4f72ce638d0ea5c198, hash2 = 7594fab1aadc4fb08fb9dbb27c418e8bc7f08dadb2acf5533dc8560241ecfc1d, hash1 = 6b5d9fca6f49a044fd94c816e258bf50b1e90305d7dab2e0480349e80ed2a0fa, author = Markus Neis / Florian Roth, description = Detects Turla Kazuar RAT described by DrunkBinary, reference = https://twitter.com/DrunkBinary/status/982969891975319553 |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE |
Matched rule: apt_RU_Turla_Kazuar_DebugView_peFeatures hash2 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, author = JAG-S, description = Turla mimicking SysInternals Tools- peFeatures, version = 2.0, reference = https://www.epicturla.com/blog/sysinturla, score = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE |
Matched rule: APT_MAL_RU_Turla_Kazuar_May20_1 date = 2020-05-28, hash4 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, hash3 = 2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f, hash2 = 1fca5f41211c800830c5f5c3e355d31a05e4c702401a61f11e25387e25eeb7fa, hash1 = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c, author = Florian Roth, description = Detects Turla Kazuar malware, reference = https://www.epicturla.com/blog/sysinturla |
Source: 0.2.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE |
Matched rule: apt_RU_Turla_Kazuar_DebugView_peFeatures hash2 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, author = JAG-S, description = Turla mimicking SysInternals Tools- peFeatures, version = 2.0, reference = https://www.epicturla.com/blog/sysinturla, score = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c |
Source: 0.2.VCPjXmY0pr.exe.9b0000.0.unpack, type: UNPACKEDPE |
Matched rule: APT_MAL_RU_Turla_Kazuar_May20_1 date = 2020-05-28, hash4 = 44cc7f6c2b664f15b499c7d07c78c110861d2cc82787ddaad28a5af8efc3daac, hash3 = 2d8151dabf891cf743e67c6f9765ee79884d024b10d265119873b0967a09b20f, hash2 = 1fca5f41211c800830c5f5c3e355d31a05e4c702401a61f11e25387e25eeb7fa, hash1 = 1749c96cc1a4beb9ad4d6e037e40902fac31042fa40152f1d3794f49ed1a2b5c, author = Florian Roth, description = Detects Turla Kazuar malware, reference = https://www.epicturla.com/blog/sysinturla |
Source: VCPjXmY0pr.exe, oKNGvtPGtCTMPpOxDvUHlAChNZGw.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, DteHEPsmEtHhhwFTNYpXIIThIgSr.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, WAilIsDhwFrPIXiaBQdCthAaCvye.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, lwqQYZKBwOXSoyAQtOILpszueCCr.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', 'BESFPzKfKQDDGoimktgzsZJfmaNs', '.ctor' |
Source: VCPjXmY0pr.exe, evwJCBryWduoCpuRjHXVeSRGDCdK.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'mFvlXbOBwYFycNExDwsmdSXAUlTC' |
Source: VCPjXmY0pr.exe, TYOxYFoQUvQOzcgSAXTUIUXtTqP.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: VCPjXmY0pr.exe, KhLUrdNneVMqjOpSdoqdyvaLujbj.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, PyJJNitSfJqvXbCTYUUrzsymciYX.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, VCkDjCCDwbcJkUlwdXTPjBYmzNfQ.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: VCPjXmY0pr.exe, qJRFYGcPocAtTrfZlGrAXJMJZBPVA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: VCPjXmY0pr.exe, uOWFlXHpjsOByESGjkAeDXbtVDXrb.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: VCPjXmY0pr.exe, OKTUKVPuuDYGxITuxNrCtXxMDJoC.cs |
High entropy of concatenated method names: 'uUmriooNvsGiUkwwzaOIlFvigksD', 'eRgbvDPMDOTkRPtLjFuGtoRrFmqv', 'jiImNtLestTpBtUWRnfloXVAaoQI', 'vdaBnoXZUkSrjeHxAmUiONUhcNKBA', 'uNBwbeDbCUukYLXPIhIIZtBypAIy', 'ncUStthzZpcDXiCzYSsPIhYbKNZp', 'lhRlKXDjVxAeXxyIiYlFismCXmMd', 'PvItMHIRZrKVlvCQvYJLgNNSASLM', 'tLilNWMRyDYOKxEKGLOPvKSHkUAF', 'qVnPtdRNMxbSGbuClYFvMgKPhvDHA' |
Source: VCPjXmY0pr.exe, fFukgVjYWaEFDfuLCEaeAIhjACpu.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, NTUiRuGNXCALubTLidZuPliWwwtr.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, BnlCTyVPPJbeDfVuwxBXIIwSZXSdA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, LKibmMaQProiRHPzDMvgNzgvUwDyA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, vcjGrbxppmxZxAbJTVMNjLbQdDBCA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, putmnFDFHxWOCpnQJeIPFhapTDCvA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: VCPjXmY0pr.exe, tYJxLndiqFFoadjBRcFjzCKyVPDw.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'VxDEoasEvMyvkTeBHhfKukJmOKoe' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, DteHEPsmEtHhhwFTNYpXIIThIgSr.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, WAilIsDhwFrPIXiaBQdCthAaCvye.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, lwqQYZKBwOXSoyAQtOILpszueCCr.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', 'BESFPzKfKQDDGoimktgzsZJfmaNs', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, KhLUrdNneVMqjOpSdoqdyvaLujbj.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, PyJJNitSfJqvXbCTYUUrzsymciYX.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, oKNGvtPGtCTMPpOxDvUHlAChNZGw.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, OKTUKVPuuDYGxITuxNrCtXxMDJoC.cs |
High entropy of concatenated method names: 'uUmriooNvsGiUkwwzaOIlFvigksD', 'eRgbvDPMDOTkRPtLjFuGtoRrFmqv', 'jiImNtLestTpBtUWRnfloXVAaoQI', 'vdaBnoXZUkSrjeHxAmUiONUhcNKBA', 'uNBwbeDbCUukYLXPIhIIZtBypAIy', 'ncUStthzZpcDXiCzYSsPIhYbKNZp', 'lhRlKXDjVxAeXxyIiYlFismCXmMd', 'PvItMHIRZrKVlvCQvYJLgNNSASLM', 'tLilNWMRyDYOKxEKGLOPvKSHkUAF', 'qVnPtdRNMxbSGbuClYFvMgKPhvDHA' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, fFukgVjYWaEFDfuLCEaeAIhjACpu.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, NTUiRuGNXCALubTLidZuPliWwwtr.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, BnlCTyVPPJbeDfVuwxBXIIwSZXSdA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, VCkDjCCDwbcJkUlwdXTPjBYmzNfQ.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, qJRFYGcPocAtTrfZlGrAXJMJZBPVA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, uOWFlXHpjsOByESGjkAeDXbtVDXrb.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, evwJCBryWduoCpuRjHXVeSRGDCdK.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'mFvlXbOBwYFycNExDwsmdSXAUlTC' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, TYOxYFoQUvQOzcgSAXTUIUXtTqP.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'DOAlVtspoVtZsDRYZnvWSgROwMlp' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, putmnFDFHxWOCpnQJeIPFhapTDCvA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, tYJxLndiqFFoadjBRcFjzCKyVPDw.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor', 'VxDEoasEvMyvkTeBHhfKukJmOKoe' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, LKibmMaQProiRHPzDMvgNzgvUwDyA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: 0.0.VCPjXmY0pr.exe.9b0000.0.unpack, vcjGrbxppmxZxAbJTVMNjLbQdDBCA.cs |
High entropy of concatenated method names: 'kafSqoPznidGdUKnHguLXljbXBMA', 'LvguNyxphZcgqtToZrVVsKFrHzsY', 'seeGDOBfDaOlBbBHqxuyACVwjvQmA', 'fThBgPgmraqMMhurquOFnDtCMVDY', 'VmwikgacwGaIvpXiNfPEivIVIKMDb', 'kyNfXlhdUbtDBndkvWzdgRvWlWUkA', '.ctor' |
Source: C:\Users\user\Desktop\VCPjXmY0pr.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\explorer.exe |
Process information set: NOOPENFILEERRORBOX |
Source: explorer.exe, 00000001.00000000.677524244.000000000A60E000.00000004.00000001.sdmp |
Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: explorer.exe, 00000001.00000000.674532575.0000000006650000.00000004.00000001.sdmp |
Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} |
Source: explorer.exe, 00000001.00000000.671223228.0000000004710000.00000004.00000001.sdmp |
Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000[Wm |
Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: explorer.exe, 00000001.00000000.677640558.000000000A716000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000/ |
Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: explorer.exe, 00000001.00000000.677704442.000000000A784000.00000004.00000001.sdmp |
Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000@ |
Source: explorer.exe, 00000001.00000000.673659873.00000000058C0000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |