Source: InstallUtil.exe, 0000000F.00000002.477839397.00000000029A1000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: InstallUtil.exe, 0000000F.00000002.477839397.00000000029A1000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS
Source: InstallUtil.exe, 0000000F.00000002.477839397.00000000029A1000.00000004.00000001.sdmp | String found in binary or memory: http://HDgGGv.com
Source: badman.exe, 0000000E.00000002.415907828.00000000016AE000.00000004.00000020.sdmp | String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pki.goog/GTS1O1core.crl0
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://crl.pki.goog/gsr2/gsr2.crl0?
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
Source: REQUEST FOR OFFER.exe, 00000000.00000003.217353767.0000000009A83000.00000004.00000001.sdmp, badman.exe, 0000000E.00000003.339036712.0000000009D73000.00000004.00000001.sdmp | String found in binary or memory: http://ns.adobe.c/g
Source: badman.exe, 0000000E.00000003.414205130.0000000009D7B000.00000004.00000001.sdmp | String found in binary or memory: http://ns.adobe.c/g%%
Source: REQUEST FOR OFFER.exe, 00000000.00000002.332840777.0000000009A85000.00000004.00000001.sdmp | String found in binary or memory: http://ns.adobe.c/g%%vp
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.digicert.com0:
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.msocsp.com0
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.pki.goog/gsr202
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.pki.goog/gts1o1core0
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: http://pki.goog/gsr2/GTS1O1.crt0
Source: REQUEST FOR OFFER.exe, 00000000.00000002.326751684.0000000002F99000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.417471164.00000000032A2000.00000004.00000001.sdmp | String found in binary or memory: http://schema.org/WebPage
Source: REQUEST FOR OFFER.exe, 00000000.00000002.326675089.0000000002F51000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.417359766.0000000003271000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: badman.exe, 0000000E.00000002.416023782.000000000171C000.00000004.00000020.sdmp | String found in binary or memory: https://pki.goog/repository/0
Source: REQUEST FOR OFFER.exe, 00000000.00000002.326675089.0000000002F51000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.417359766.0000000003271000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com
Source: REQUEST FOR OFFER.exe, 00000000.00000002.326675089.0000000002F51000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.417359766.0000000003271000.00000004.00000001.sdmp | String found in binary or memory: https://www.google.com/
Source: REQUEST FOR OFFER.exe, 00000000.00000002.328242176.0000000004839000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.423799814.0000000004AF5000.00000004.00000001.sdmp, InstallUtil.exe, 0000000F.00000002.472316965.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: InstallUtil.exe, 0000000F.00000002.477839397.00000000029A1000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_02DDFCA0
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_04FB2A58
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_04FB0C58
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_04FB0C57
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_04FB29D1
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E32E28
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E33F90
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E344E1
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E3E450
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E3BD48
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E30D58
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E312A0
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E33A90
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_06E35370
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0197F268
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0197C140
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052FA568
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F5730
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F3C70
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F7CCA
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F1F17
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F0E00
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F5E62
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F2948
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F9420
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F7440
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F7450
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F8760
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052FB198
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F6FC8
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_052F6FD8
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07192E28
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07190D58
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719BC20
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719E450
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071944E1
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07195370
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07193A90
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071912A0
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07197718
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07193F39
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07197728
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07193F90
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719C7D0
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07196E50
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07196E42
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719A680
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07192D78
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719F598
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719B418
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071974F0
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071974E0
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07197B78
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07192298
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07196298
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719628A
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071952B9
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071952D5
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071952F1
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719799A
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_071979A0
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_0719F040
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACB988
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACE900
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACDD68
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACE132
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC7080
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC83D8
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACB978
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACE8F1
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC9816
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC4D80
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC4D90
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACDD59
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC7070
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC0040
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC83C9
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC5330
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC5340
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC7533
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC7548
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC74A9
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC74BE
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC9480
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC9490
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC7405
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC741A
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_005B20B0
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_028746A0
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_028745B0
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_0287D310
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_05C27538
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_05C294F8
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_05C26920
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Code function: 15_2_05C26C68
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA6E9E push ecx; iretd | 0_2_00BA6EA4
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA4E89 push 52BA5CE0h; ret | 0_2_00BA4E8E
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA56E4 push ebp; retf | 0_2_00BA56E3
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA4008 push FFFFFFCBh; iretd | 0_2_00BA4010
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA4A0C push es; retf | 0_2_00BA4A1D
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA427E push esp; retf | 0_2_00BA427F
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA67FF push 40907420h; ret | 0_2_00BA6810
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA3F18 push FFFFFFCBh; iretd | 0_2_00BA3F20
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA535E push edx; retf | 0_2_00BA5367
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA4148 push edx; retf | 0_2_00BA414F
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Code function: 0_2_00BA5D4C push FFFFFFFFh; retf | 0_2_00BA5D4E
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE56E4 push ebp; retf | 14_2_00EE56E3
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE4E89 push 52BA5CE0h; ret | 14_2_00EE4E8E
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE6E9E push ecx; iretd | 14_2_00EE6EA4
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE427E push esp; retf | 14_2_00EE427F
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE4A0C push es; retf | 14_2_00EE4A1D
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE4008 push FFFFFFCBh; iretd | 14_2_00EE4010
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE67FF push 40907420h; ret | 14_2_00EE6810
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE5D4C push FFFFFFFFh; retf | 14_2_00EE5D4E
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE4148 push edx; retf | 14_2_00EE414F
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE535E push edx; retf | 14_2_00EE5367
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_00EE3F18 push FFFFFFCBh; iretd | 14_2_00EE3F20
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07197E84 push ecx; iretd | 14_2_07197E86
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_07191BDA push ecx; ret | 14_2_07191BDE
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09ACECD2 push ebx; ret | 14_2_09ACECDB
Source: C:\Users\user\AppData\Roaming\badman.exe | Code function: 14_2_09AC9FC8 push edi; ret | 14_2_09AC9FE9
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe | Process information set: NOOPENFILEERRORBOX (54 identical entries)
Source: C:\Users\user\AppData\Roaming\badman.exe | Process information set: NOOPENFILEERRORBOX (53 identical entries)
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe | Process information set: NOOPENFILEERRORBOX (38 identical entries)
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: VMware |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware vmci bus device!vmware virtual s scsi disk device |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware svga |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vboxservice |
Source: REQUEST FOR OFFER.exe, 00000000.00000002.327847947.00000000033C5000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: Microsoft Hyper-Vmicrosoft |
Source: REQUEST FOR OFFER.exe, 00000000.00000002.330640897.0000000005FA0000.00000002.00000001.sdmp, InstallUtil.exe, 0000000F.00000002.483211695.0000000005A90000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware usb pointing device |
Source: REQUEST FOR OFFER.exe, 00000000.00000002.327847947.00000000033C5000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmusrvc |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware pointing device |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware sata |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmsrvc |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmtools |
Source: REQUEST FOR OFFER.exe, 00000000.00000002.327847947.00000000033C5000.00000004.00000001.sdmp, badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: Microsoft Hyper-V |
Source: REQUEST FOR OFFER.exe, 00000000.00000002.330640897.0000000005FA0000.00000002.00000001.sdmp, InstallUtil.exe, 0000000F.00000002.483211695.0000000005A90000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware virtual s scsi disk device |
Source: REQUEST FOR OFFER.exe, 00000000.00000002.330640897.0000000005FA0000.00000002.00000001.sdmp, InstallUtil.exe, 0000000F.00000002.483211695.0000000005A90000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: badman.exe, 0000000E.00000002.417906722.000000000335C000.00000004.00000001.sdmp |
Binary or memory string: vmware vmci bus device |
Source: badman.exe, 0000000E.00000002.415907828.00000000016AE000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: REQUEST FOR OFFER.exe, 00000000.00000002.330640897.0000000005FA0000.00000002.00000001.sdmp, InstallUtil.exe, 0000000F.00000002.483211695.0000000005A90000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe |
Queries volume information: C:\Users\user\Desktop\REQUEST FOR OFFER.exe VolumeInformation |
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Users\user\Desktop\REQUEST FOR OFFER.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\badman.exe |
Queries volume information: C:\Users\user\AppData\Roaming\badman.exe VolumeInformation |
Source: C:\Users\user\AppData\Roaming\badman.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\badman.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\badman.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation |
Source: C:\Users\user\AppData\Roaming\badman.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe |
Queries volume information: C:\Users\user\AppData\Local\Temp\InstallUtil.exe VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\AppData\Local\Temp\InstallUtil.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match |
File source: 0000000E.00000002.423799814.0000000004AF5000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000E.00000002.424117469.0000000004C68000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.328242176.0000000004839000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000E.00000002.423910607.0000000004B58000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.328670808.0000000004948000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000F.00000002.477839397.00000000029A1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 0000000F.00000002.472316965.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: REQUEST FOR OFFER.exe PID: 4156, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: badman.exe PID: 5900, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: InstallUtil.exe PID: 1936, type: MEMORY |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.486f7e2.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4c9e3d0.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 15.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.48a5bb2.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.49486d2.6.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.497ea88.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4bfb8ba.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4b8f12a.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.48a5bb2.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.497ea88.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4c9e3d0.6.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4b8f12a.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4bc54fa.5.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.48dbf72.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4bfb8ba.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.48dbf72.4.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 14.2.badman.exe.4bc54fa.5.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.486f7e2.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.REQUEST FOR OFFER.exe.49486d2.6.raw.unpack, type: UNPACKEDPE |