Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 194.5.98.250 |
Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Detetcs the Nanocore RAT Author: Florian Roth |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net> |
Source: AIC7VMxudf.exe |
Binary or memory string: OriginalFilename vs AIC7VMxudf.exe |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDurmu_ vs AIC7VMxudf.exe |
Source: AIC7VMxudf.exe, 00000000.00000000.194606267.0000000000692000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameIMoniker.exeB vs AIC7VMxudf.exe |
Source: AIC7VMxudf.exe, 00000000.00000002.208258506.00000000063F0000.00000002.00000001.sdmp |
Binary or memory string: originalfilename vs AIC7VMxudf.exe |
Source: AIC7VMxudf.exe, 00000000.00000002.208258506.00000000063F0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs AIC7VMxudf.exe |
Source: AIC7VMxudf.exe, 00000000.00000002.208143709.0000000006300000.00000002.00000001.sdmp |
Binary or memory string: System.OriginalFileName vs AIC7VMxudf.exe |
Source: AIC7VMxudf.exe, 00000000.00000002.207993430.0000000005CA0000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDebuggerHiddenAttribute.dllX vs AIC7VMxudf.exe |
Source: AIC7VMxudf.exe |
Binary or memory string: OriginalFilenameIMoniker.exeB vs AIC7VMxudf.exe |
Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 00000000.00000002.204528446.0000000003C89000.00000004.00000001.sdmp, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: Process Memory Space: AIC7VMxudf.exe PID: 4872, type: MEMORY |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/ |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/ |
Source: 0.2.AIC7VMxudf.exe.3efabf0.4.raw.unpack, type: UNPACKEDPE |
Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore |
Source: AIC7VMxudf.exe |
Binary or memory string: Select * from Customers; |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO PublisherMembershipCondition VALUES(@modelo, @fabricante, @ano, @cor); |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: Select * from PublisherMembershipCondition WHERE modelo=@modelo;zDeu erro na execu |
Source: unknown |
Process created: C:\Users\user\Desktop\AIC7VMxudf.exe 'C:\Users\user\Desktop\AIC7VMxudf.exe' |
|
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp' |
|
Source: C:\Windows\SysWOW64\schtasks.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
|
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
|
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\TqksXQmEOtil' /XML 'C:\Users\user\AppData\Local\Temp\tmp819D.tmp' |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Jump to behavior |
Source: AIC7VMxudf.exe, FallbackBuffer.cs |
.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true) |
Source: TqksXQmEOtil.exe.0.dr, FallbackBuffer.cs |
.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true) |
Source: 0.2.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs |
.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true) |
Source: 0.0.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs |
.Net Code: NewLateBinding.LateCall(V_4, null, "Invoke", new object[] { null, new object[] { new string[] { FormatterTypeStyle.ExclusiveScheduler, FormatterTypeStyle.IdentityAuthority, "SKS" } } }, null, null, null, true) |
Source: AIC7VMxudf.exe, FallbackBuffer.cs |
.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: TqksXQmEOtil.exe.0.dr, FallbackBuffer.cs |
.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 0.2.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs |
.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: 0.0.AIC7VMxudf.exe.690000.0.unpack, FallbackBuffer.cs |
.Net Code: WSTRBufferMarshaler System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[]) |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath " |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: AIC7VMxudf.exe, 00000000.00000002.203974120.0000000002C81000.00000004.00000001.sdmp |
Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Queries volume information: C:\Users\user\Desktop\AIC7VMxudf.exe VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Users\user\Desktop\AIC7VMxudf.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Jump to behavior |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct |