Source: AE-808_RAJEN.exe, 00000001.00000002.1032201040.0000000003341000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: AE-808_RAJEN.exe, 00000001.00000002.1032201040.0000000003341000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: AE-808_RAJEN.exe, 00000001.00000002.1032201040.0000000003341000.00000004.00000001.sdmp | String found in binary or memory: http://lOlcWJ.com |
Source: AE-808_RAJEN.exe, 00000000.00000002.654461075.0000000002B91000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: AE-808_RAJEN.exe, 00000001.00000002.1032679809.00000000036A5000.00000004.00000001.sdmp | String found in binary or memory: http://server116.web-hosting.com |
Source: AE-808_RAJEN.exe | String found in binary or memory: http://simpletimelapse.sourceforge.net/update/version.txt?Refresh= |
Source: AE-808_RAJEN.exe, 00000001.00000002.1032201040.0000000003341000.00000004.00000001.sdmp | String found in binary or memory: https://EiR6SA0ya1Q.or |
Source: AE-808_RAJEN.exe, 00000001.00000002.1032201040.0000000003341000.00000004.00000001.sdmp | String found in binary or memory: https://EiR6SA0ya1Q.org |
Source: AE-808_RAJEN.exe | String found in binary or memory: https://api.lightboot.org/panel/index.php?page=Api&key=b6udeJ2WqDoyHKzzsEjfG3QajboCjeJv&host= |
Source: AE-808_RAJEN.exe | String found in binary or memory: https://ffmpeg.org |
Source: AE-808_RAJEN.exe | String found in binary or memory: https://simpletimelapse.sourceforge.io/update/changelog.txt |
Source: AE-808_RAJEN.exe | String found in binary or memory: https://simpletimelapse.sourceforge.io/update/version.txt |
Source: AE-808_RAJEN.exe | String found in binary or memory: https://simpletimelapse.sourceforge.io/update/version.txtwhttps://simpletimelapse.sourceforge.io/upd |
Source: AE-808_RAJEN.exe | String found in binary or memory: https://www.flaticon.com/packs/free-basic-ui-elements |
Source: AE-808_RAJEN.exe, 00000000.00000002.654789370.0000000003B99000.00000004.00000001.sdmp, AE-808_RAJEN.exe, 00000001.00000002.1030691966.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: AE-808_RAJEN.exe, 00000001.00000002.1032201040.0000000003341000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: AE-808_RAJEN.exe | Binary or memory string: OriginalFilename vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000000.00000002.654506944.0000000002BCE000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSoapName.dll2 vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000000.00000002.654461075.0000000002B91000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameJbNoFYPjeMFbpEdEIKHcoCEGJFhJNzgafOODrX.exe4 vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000000.00000002.654908714.0000000003C86000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenamePositiveSign.dll< vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000000.00000000.646175766.0000000000672000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameXmlToFieldTypeMap.exeL vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000001.00000002.1033808650.0000000006380000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000001.00000002.1030890833.0000000001338000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000001.00000002.1031370246.000000000164A000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000001.00000000.651232600.0000000000EA2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameXmlToFieldTypeMap.exeL vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000001.00000002.1030691966.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameJbNoFYPjeMFbpEdEIKHcoCEGJFhJNzgafOODrX.exe4 vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, 00000001.00000002.1031811029.0000000001880000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe | Binary or memory string: OriginalFilenameXmlToFieldTypeMap.exeL vs AE-808_RAJEN.exe |
Source: AE-808_RAJEN.exe, BowenTheatre.Bookings/Encrypta??o.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: AE-808_RAJEN.exe, BowenTheatre.Bookings/Encrypta??o.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock' |
Source: 0.0.AE-808_RAJEN.exe.670000.0.unpack, BowenTheatre.Bookings/Encrypta??o.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 0.0.AE-808_RAJEN.exe.670000.0.unpack, BowenTheatre.Bookings/Encrypta??o.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock' |
Source: 1.0.AE-808_RAJEN.exe.ea0000.0.unpack, BowenTheatre.Bookings/Encrypta??o.cs | Cryptographic APIs: 'TransformFinalBlock' |
Source: 1.0.AE-808_RAJEN.exe.ea0000.0.unpack, BowenTheatre.Bookings/Encrypta??o.cs | Cryptographic APIs: 'CreateDecryptor', 'TransformFinalBlock' |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Process information set: NOOPENFILEERRORBOX |
Source: AE-808_RAJEN.exe, 00000000.00000002.654041690.0000000000D36000.00000004.00000020.sdmp | Binary or memory string: VMware |
Source: AE-808_RAJEN.exe, 00000000.00000002.654461075.0000000002B91000.00000004.00000001.sdmp | Binary or memory string: %l%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: AE-808_RAJEN.exe, 00000000.00000002.654041690.0000000000D36000.00000004.00000020.sdmp | Binary or memory string: Win32_VideoController(Standard display types)VMwareUN_ASN62Win32_VideoControllerO7X6AYD1VideoController120060621000000.000000-0007724726.display.infMSBDA__NMLRRMPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsWG1TSHMA |
Source: AE-808_RAJEN.exe, 00000001.00000003.866676188.0000000001730000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Use |
Source: AE-808_RAJEN.exe, 00000000.00000002.654506944.0000000002BCE000.00000004.00000001.sdmp | Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: AE-808_RAJEN.exe, 00000001.00000002.1033808650.0000000006380000.00000002.00000001.sdmp | Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: AE-808_RAJEN.exe, 00000000.00000002.654506944.0000000002BCE000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: AE-808_RAJEN.exe, 00000000.00000002.654041690.0000000000D36000.00000004.00000020.sdmp | Binary or memory string: Win32_VideoController(Standard display types)VMwareUN_ASN62Win32_VideoControllerO7X6AYD1VideoController120060621000000.000000-0007724726.display.infMSBDA__NMLRRMPCI\VEN_15AD&DEV_0405&U/3:Y |
Source: AE-808_RAJEN.exe, 00000000.00000002.654461075.0000000002B91000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: AE-808_RAJEN.exe, 00000000.00000002.654461075.0000000002B91000.00000004.00000001.sdmp | Binary or memory string: %l"SOFTWARE\VMware, Inc.\VMware Tools |
Source: AE-808_RAJEN.exe, 00000001.00000002.1033808650.0000000006380000.00000002.00000001.sdmp | Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: AE-808_RAJEN.exe, 00000001.00000002.1033808650.0000000006380000.00000002.00000001.sdmp | Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: AE-808_RAJEN.exe, 00000000.00000002.654506944.0000000002BCE000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: AE-808_RAJEN.exe, 00000000.00000002.654506944.0000000002BCE000.00000004.00000001.sdmp | Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: AE-808_RAJEN.exe, 00000001.00000002.1033808650.0000000006380000.00000002.00000001.sdmp | Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Users\user\Desktop\AE-808_RAJEN.exe VolumeInformation |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\AE-808_RAJEN.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |