Source: malware.exe, 00000003.00000002.464476473.0000000003531000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: malware.exe, 00000003.00000002.464476473.0000000003531000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: malware.exe, 00000003.00000002.464733320.00000000035AF000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0 |
Source: malware.exe, 00000003.00000002.464733320.00000000035AF000.00000004.00000001.sdmp |
String found in binary or memory: http://cdp.geotrust.com/GeoTrustRSACA2018.crl0L |
Source: malware.exe, 00000003.00000002.464733320.00000000035AF000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0= |
Source: malware.exe, 00000003.00000002.464476473.0000000003531000.00000004.00000001.sdmp |
String found in binary or memory: http://eYrjmd.com |
Source: malware.exe, 00000003.00000002.464733320.00000000035AF000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0B |
Source: malware.exe, 00000003.00000002.464733320.00000000035AF000.00000004.00000001.sdmp |
String found in binary or memory: http://status.geotrust.com0= |
Source: malware.exe, 00000003.00000002.465505838.0000000003A2D000.00000004.00000001.sdmp |
String found in binary or memory: https://QDDeRKxxql47yvGyut1.co |
Source: malware.exe, 00000003.00000002.465412261.00000000039D8000.00000004.00000001.sdmp |
String found in binary or memory: https://QDDeRKxxql47yvGyut1.com |
Source: malware.exe, 00000003.00000002.465412261.00000000039D8000.00000004.00000001.sdmp |
String found in binary or memory: https://QDDeRKxxql47yvGyut1.com4 |
Source: malware.exe, 00000000.00000002.201606646.000000000335E000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: malware.exe, 00000003.00000002.464733320.00000000035AF000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: malware.exe, 00000000.00000002.201927296.00000000040B5000.00000004.00000001.sdmp, malware.exe, 00000003.00000002.459799944.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: malware.exe, 00000003.00000002.464476473.0000000003531000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_0093E489 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_0093C8B2 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009405C2 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00939F78 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C8AEF0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C80B50 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C800A8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C829D8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C83D30 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C8AEE0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C853E0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C853F0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C80B3F |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C80099 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C829C8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C851A8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C851A3 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C83D20 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009338AA |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_0093A98D |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F005C2 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_057397DC |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_0573AF98 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_0573DE28 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05738488 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05EC98E0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05EC73C8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05EC26A8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05EC0070 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05EC8658 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05EC6818 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_05EC25F8 |
Source: malware.exe |
Binary or memory string: OriginalFilename vs malware.exe |
Source: malware.exe, 00000000.00000002.205160417.000000000DE40000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameLegacyPathHandling.dllN vs malware.exe |
Source: malware.exe, 00000000.00000002.201606646.000000000335E000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamexUHzFnbHwIrwSOMYICulYEVtzBE.exe4 vs malware.exe |
Source: malware.exe, 00000000.00000002.203861566.00000000058D0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs malware.exe |
Source: malware.exe, 00000000.00000002.204525683.0000000009B10000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameAsyncState.dllF vs malware.exe |
Source: malware.exe, 00000000.00000002.200312637.000000000101A000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenamemscorwks.dllT vs malware.exe |
Source: malware.exe |
Binary or memory string: OriginalFilename vs malware.exe |
Source: malware.exe, 00000003.00000002.461809030.00000000017D0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs malware.exe |
Source: malware.exe, 00000003.00000002.459799944.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenamexUHzFnbHwIrwSOMYICulYEVtzBE.exe4 vs malware.exe |
Source: malware.exe, 00000003.00000002.466127885.0000000005A10000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs malware.exe |
Source: malware.exe, 00000003.00000002.461900198.0000000001880000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameCRYPT32.DLL.MUIj% vs malware.exe |
Source: malware.exe |
Binary or memory string: OriginalFilenameNonVersionableAttribute.exeF vs malware.exe |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00944292 push cs; ret |
0_2_0094429C |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_0094429E push cs; ret |
0_2_009442A8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009442BC push cs; ret |
0_2_009442F0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009442AA push cs; ret |
0_2_009442BA |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009442F2 push cs; ret |
0_2_00944308 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00944B9E push ds; ret |
0_2_00944BA2 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00943D9A push es; ret |
0_2_00943DBC |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00944BBC push ds; ret |
0_2_00944BC0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009441A2 push cs; ret |
0_2_00944260 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009441A2 push cs; ret |
0_2_0094426C |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00944BAA push ds; ret |
0_2_00944BBA |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_009447C0 push ss; ret |
0_2_009447D6 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00944B02 push ds; ret |
0_2_00944BBA |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_0094472A push ss; ret |
0_2_0094472E |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_0094477E push ss; ret |
0_2_009447BE |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_00944760 push ss; ret |
0_2_00944770 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 0_2_02C890C8 pushad ; retf |
0_2_02C890C9 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F042F2 push cs; ret |
3_2_00F04308 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F042BC push cs; ret |
3_2_00F042F0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F042AA push cs; ret |
3_2_00F042BA |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F04292 push cs; ret |
3_2_00F0429C |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F0429E push cs; ret |
3_2_00F042A8 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F047C0 push ss; ret |
3_2_00F047D6 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F04BBC push ds; ret |
3_2_00F04BC0 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F041A2 push cs; ret |
3_2_00F04260 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F041A2 push cs; ret |
3_2_00F0426C |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F04BAA push ds; ret |
3_2_00F04BBA |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F03D9A push es; ret |
3_2_00F03DBC |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F04B9E push ds; ret |
3_2_00F04BA2 |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F0477E push ss; ret |
3_2_00F047BE |
Source: C:\Users\user\Desktop\malware.exe |
Code function: 3_2_00F04760 push ss; ret |
3_2_00F04770 |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\malware.exe |
Function Chain: systemQueried,systemQueried,threadCreated,threadResumed,threadDelayed,threadDelayed,threadDelayed,systemQueried,systemQueried,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,systemQueried,processQueried,processQueried,threadDelayed,systemQueried,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed,threadDelayed |
Source: malware.exe, 00000000.00000002.201606646.000000000335E000.00000004.00000001.sdmp |
Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: malware.exe, 00000003.00000002.466127885.0000000005A10000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: malware.exe, 00000000.00000002.201606646.000000000335E000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: malware.exe, 00000000.00000002.205104429.000000000DDE0000.00000004.00000001.sdmp |
Binary or memory string: AQEMuK |
Source: malware.exe, 00000003.00000002.466127885.0000000005A10000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: malware.exe, 00000003.00000002.466127885.0000000005A10000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: malware.exe, 00000000.00000002.201606646.000000000335E000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: malware.exe, 00000003.00000002.461473019.00000000015C9000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: malware.exe, 00000000.00000002.201606646.000000000335E000.00000004.00000001.sdmp |
Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: malware.exe, 00000003.00000002.466127885.0000000005A10000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: Yara match |
File source: 00000003.00000002.459799944.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.201927296.00000000040B5000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.465412261.00000000039D8000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000003.00000002.464476473.0000000003531000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: malware.exe PID: 6380, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: malware.exe PID: 6536, type: MEMORY |
Source: Yara match |
File source: 3.2.malware.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.malware.exe.4374cd0.3.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.malware.exe.4374cd0.3.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.malware.exe.421ba00.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.malware.exe.4277620.4.raw.unpack, type: UNPACKEDPE |