Analysis Report Szallitasi adatok.tar

Overview

General Information

Sample Name: Szallitasi adatok.tar (Hungarian: "shipping data", a typical invoice/delivery lure name)
Analysis ID: 383998
MD5: fa2c7acf057d7ecf693cbb13fab9b1b3
SHA1: b67cd39674b6d039e235fbb9cf0272a103afa475
SHA256: 1b90e29a9f49905ead7832ff25d7ba91fddeb4827d7c8ca506c6c0b6f96acda7

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for dropped file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains very large array initializations
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Antivirus or Machine Learning detection for unpacked file
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

AV Detection:

Found malware configuration
Source: 6.2.Szallitasi adatok.exe.4086228.3.unpack Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "torremolinos3@copiplus.esvB&6mnT00r3mol2o17smtp.1and1.es"}
Note: the extractor emits the exfiltration mailbox, its password and the SMTP host as one string with no delimiter. The trailing host, smtp.1and1.es, is the name resolved under Networking, and the TCP/587 session to 212.227.15.158 is the resulting mail submission. smtp.1and1.es is a shared hosting-provider relay, so the IP alone is a weak indicator; the copiplus.es mailbox is the attacker-controlled (or compromised) drop account and the better thing to alert on.
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe ReversingLabs: Detection: 18%
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Joe Sandbox ML: detected
Antivirus or Machine Learning detection for unpacked file
Source: 7.2.Szallitasi adatok.exe.400000.0.unpack Avira: Label: TR/Spy.Gen8

Software Vulnerabilities:

Found inlined nop instructions (likely shell or obfuscated code)
Note: C:\Windows\SysWOW64\unarchiver.exe, 7za.exe and cmd.exe are the sandbox's own archive-extraction harness (it unpacks the .tar with the password "infected" and launches the extracted file; see the process chain under System Summary). Hits attributed to unarchiver.exe here and in the sections below are harness noise; only the Szallitasi adatok.exe entries describe the sample.
Source: C:\Windows\SysWOW64\unarchiver.exe Code function: 4x nop then jmp 02EB099Bh 0_2_02EB02A8
Source: C:\Windows\SysWOW64\unarchiver.exe Code function: 4x nop then jmp 02EB099Ah 0_2_02EB02A8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E697A8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E69798
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E68288
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 4x nop then mov dword ptr [ebp-18h], 00000000h 6_2_04E68279

Networking:

Detected TCP or UDP traffic on non-standard ports
Source: global traffic TCP traffic: 192.168.2.6:49748 -> 212.227.15.158:587
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 212.227.15.158 212.227.15.158
Uses SMTP (mail sending)
Source: global traffic TCP traffic: 192.168.2.6:49748 -> 212.227.15.158:587
Source: unknown DNS traffic detected: queries for: smtp.1and1.es
Source: Szallitasi adatok.exe, 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: Szallitasi adatok.exe, 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp String found in binary or memory: http://CpKupV.com
Source: Szallitasi adatok.exe, 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp String found in binary or memory: http://DynDns.comDynDNS
Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp String found in binary or memory: http://cacerts.geotrust.com/GeoTrustRSACA2018.crt0
Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp String found in binary or memory: http://cdp.geotrust.com/GeoTrustRSACA2018.crl0L
Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://fontfabrik.com
Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp String found in binary or memory: http://ocsp.digicert.com0B
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000002.343135328.0000000002DF1000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name4
Source: Szallitasi adatok.exe, 00000007.00000002.592552943.00000000037DC000.00000004.00000001.sdmp String found in binary or memory: http://smtp.1and1.es
Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp String found in binary or memory: http://status.geotrust.com0=
Source: Szallitasi adatok.exe, 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000007.00000003.544547709.00000000015E4000.00000004.00000001.sdmp String found in binary or memory: http://wjANZKRbswl5oYyv5U.com
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: Szallitasi adatok.exe, 00000006.00000003.329128388.0000000005E61000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000003.328833893.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.com
Source: Szallitasi adatok.exe, 00000006.00000003.328759345.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.com.N
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.coml
Source: Szallitasi adatok.exe, 00000006.00000003.328833893.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.comn-u
Source: Szallitasi adatok.exe, 00000006.00000003.329128388.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.comn-u0
Source: Szallitasi adatok.exe, 00000006.00000003.329128388.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.carterandcone.comr
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000003.334203954.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers
Source: Szallitasi adatok.exe, 00000006.00000003.330798629.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/?
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: Szallitasi adatok.exe, 00000006.00000003.330983935.0000000005E62000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
Source: Szallitasi adatok.exe, 00000006.00000003.330590528.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers/i
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers8
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers?
Source: Szallitasi adatok.exe, 00000006.00000003.330822847.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersC
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersG
Source: Szallitasi adatok.exe, 00000006.00000003.330822847.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designersP
Source: Szallitasi adatok.exe, 00000006.00000003.331212623.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.com/designers~
Source: Szallitasi adatok.exe, 00000006.00000003.341878900.0000000005E3A000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comaJ
Source: Szallitasi adatok.exe, 00000006.00000003.341878900.0000000005E3A000.00000004.00000001.sdmp String found in binary or memory: http://www.fontbureau.comasc
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.fonts.com
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: Szallitasi adatok.exe, 00000006.00000003.328398898.0000000005E5D000.00000004.00000001.sdmp String found in binary or memory: http://www.founder.com.cn/cna-e
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: Szallitasi adatok.exe, 00000006.00000003.328148680.0000000005E5D000.00000004.00000001.sdmp String found in binary or memory: http://www.goodfont.co.kr
Source: Szallitasi adatok.exe, 00000006.00000003.328148680.0000000005E5D000.00000004.00000001.sdmp String found in binary or memory: http://www.goodfont.co.kr-e
Source: Szallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000003.329458297.0000000005E34000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: Szallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000003.329810137.0000000005E3A000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp//
Source: Szallitasi adatok.exe, 00000006.00000003.329810137.0000000005E3A000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/C
Source: Szallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/U
Source: Szallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000006.00000003.329810137.0000000005E3A000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: Szallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/jp/J
Source: Szallitasi adatok.exe, 00000006.00000003.329810137.0000000005E3A000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/n
Source: Szallitasi adatok.exe, 00000006.00000003.329656338.0000000005E37000.00000004.00000001.sdmp String found in binary or memory: http://www.jiyu-kobo.co.jp/nb-n
Source: Szallitasi adatok.exe, 00000006.00000003.333277327.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.monotype.
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.sajatypeworks.com
Source: Szallitasi adatok.exe, 00000006.00000003.329984191.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.sakkal.com
Source: Szallitasi adatok.exe, 00000006.00000003.328148680.0000000005E5D000.00000004.00000001.sdmp String found in binary or memory: http://www.sandoll.co.kr
Source: Szallitasi adatok.exe, 00000006.00000003.328148680.0000000005E5D000.00000004.00000001.sdmp String found in binary or memory: http://www.sandoll.co.kr.krt-b
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.tiro.com
Source: Szallitasi adatok.exe, 00000006.00000003.329144440.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.tiro.comslnt
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.typography.netD
Source: Szallitasi adatok.exe, 00000006.00000003.331404258.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.urwpp.de
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.urwpp.deDPlease
Source: Szallitasi adatok.exe, 00000006.00000003.331404258.0000000005E62000.00000004.00000001.sdmp String found in binary or memory: http://www.urwpp.derT
Source: Szallitasi adatok.exe, 00000006.00000002.347842702.0000000007042000.00000004.00000001.sdmp String found in binary or memory: http://www.zhongyicts.com.cn
Source: Szallitasi adatok.exe, 00000006.00000003.328730706.0000000005E61000.00000004.00000001.sdmp String found in binary or memory: http://www.zhongyicts.com.cna
Source: Szallitasi adatok.exe, Szallitasi adatok.exe, 00000007.00000000.340920875.0000000000F82000.00000002.00020000.sdmp, Szallitasi adatok.tar String found in binary or memory: https://dist.nuget.org/win-x86-commandline/latest/nuget.exe
Source: Szallitasi adatok.exe, Szallitasi adatok.tar String found in binary or memory: https://github.com/Spegeli/Pokemon-Go-Rocket-API/archive/master.zip
Source: Szallitasi adatok.exe, Szallitasi adatok.exe, 00000007.00000000.340920875.0000000000F82000.00000002.00020000.sdmp, Szallitasi adatok.tar String found in binary or memory: https://github.com/d-haxton/HaxtonBot/archive/master.zip
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp String found in binary or memory: https://www.digicert.com/CPS0
Source: Szallitasi adatok.exe, 00000006.00000002.344267324.0000000003FF6000.00000004.00000001.sdmp, Szallitasi adatok.exe, 00000007.00000002.586946181.0000000000402000.00000040.00000001.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: Szallitasi adatok.exe, 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
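The Networking entries above reduce to one reproducible rule: a process that is not a mail client resolves smtp.1and1.es and opens TCP/587 to 212.227.15.158. The following is an added example, not part of the Joe Sandbox report, that runs that behavioural rule alongside a plain IOC match over constructed flow and DNS records. The record fields, the allowed-process list and the two benign records are assumptions for illustration, not a real sensor schema.

```python
"""Flag the AgentTesla SMTP exfiltration pattern in flow/DNS telemetry.

Added example (not part of the Joe Sandbox report). The records below are
constructed to mirror the report's observations; the field names and the
allowed-process list are assumptions, not a real sensor schema.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Indicators taken from the report's Networking section.
IOC_IPS = {"212.227.15.158"}
IOC_DOMAINS = {"smtp.1and1.es"}

# Mail submission/transfer ports and the processes a site expects to use them
# (assumed list; tune per environment).
SMTP_PORTS = {25, 465, 587}
ALLOWED_SMTP_PROCESSES = {"outlook.exe", "thunderbird.exe"}


@dataclass(frozen=True)
class DnsRecord:
    process: str
    qname: str
    answer: str


@dataclass(frozen=True)
class FlowRecord:
    process: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


def resolve_hostnames(dns_records):
    """Map each answered IP back to the names that were queried for it."""
    names = {}
    for rec in dns_records:
        names.setdefault(rec.answer, set()).add(rec.qname.lower())
    return names


def detect_smtp_exfil(flows, dns_records):
    """Return one finding per suspicious SMTP flow.

    The two rules fire independently: a renamed C2 host is still caught by
    the behavioural rule, and a renamed process is still caught by IOC match.
    """
    answers = resolve_hostnames(dns_records)
    findings = []
    for f in flows:
        if f.proto != "tcp" or f.dport not in SMTP_PORTS:
            continue
        if not ip_address(f.dst).is_global:
            continue  # internal relays are out of scope for this rule
        resolved = answers.get(f.dst, set())
        reasons = []
        if f.process.lower() not in ALLOWED_SMTP_PROCESSES:
            reasons.append("smtp from non-mail-client process")
        if f.dst in IOC_IPS or resolved & IOC_DOMAINS:
            reasons.append("matches AgentTesla IOC")
        if reasons:
            findings.append({
                "process": f.process,
                "dst": f.dst,
                "dport": f.dport,
                "hostnames": sorted(resolved),
                "reasons": reasons,
            })
    return findings


# Constructed telemetry mirroring the report: the dropped executable resolves
# smtp.1and1.es and opens TCP/587 to 212.227.15.158. The other records are
# invented benign traffic.
SAMPLE_DNS = [
    DnsRecord("Szallitasi adatok.exe", "smtp.1and1.es", "212.227.15.158"),
    DnsRecord("outlook.exe", "smtp.office365.com", "52.96.0.1"),
]
SAMPLE_FLOWS = [
    FlowRecord("Szallitasi adatok.exe", "192.168.2.6", 49748, "212.227.15.158", 587),
    FlowRecord("outlook.exe", "192.168.2.6", 49801, "52.96.0.1", 587),
    FlowRecord("chrome.exe", "192.168.2.6", 49900, "142.250.74.78", 443),
]

if __name__ == "__main__":
    for finding in detect_smtp_exfil(SAMPLE_FLOWS, SAMPLE_DNS):
        print(finding)
```

Only the first flow is reported, with both reasons attached; the Outlook submission on the same port is allowed by process name and matches no indicator, and the HTTPS flow never reaches the rules.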

System Summary:

.NET source code contains very large array initializations
Source: 7.2.Szallitasi adatok.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007bEC539FFCu002dC2DEu002d4D49u002d9C7Du002d51A304EDDE69u007d/DB0019FBu002dD56Eu002d4258u002d8DEFu002dF1840779C330.cs Large array initialization: .cctor: array initializer size 11940
Detected potential crypto function
Source: C:\Windows\SysWOW64\unarchiver.exe Code function: 0_2_02EB02A8 0_2_02EB02A8
Source: C:\Windows\SysWOW64\unarchiver.exe Code function: 0_2_02EB0299 0_2_02EB0299
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_00A32050 6_2_00A32050
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_014C94A8 6_2_014C94A8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_014CDCF4 6_2_014CDCF4
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_014CC148 6_2_014CC148
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_014CE218 6_2_014CE218
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_014CA748 6_2_014CA748
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E60040 6_2_04E60040
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E62130 6_2_04E62130
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E61C30 6_2_04E61C30
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E65AF5 6_2_04E65AF5
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E654A8 6_2_04E654A8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E654B8 6_2_04E654B8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E60006 6_2_04E60006
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E63007 6_2_04E63007
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E61017 6_2_04E61017
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E63018 6_2_04E63018
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E62120 6_2_04E62120
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E61C21 6_2_04E61C21
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E60EE0 6_2_04E60EE0
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_04E60ED8 6_2_04E60ED8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_00F82050 7_2_00F82050
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_017F2020 7_2_017F2020
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_017FAB70 7_2_017FAB70
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_017F2618 7_2_017F2618
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_017FC378 7_2_017FC378
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01839000 7_2_01839000
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01833800 7_2_01833800
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_018377A0 7_2_018377A0
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01831AE0 7_2_01831AE0
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01831108 7_2_01831108
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01838820 7_2_01838820
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183C7C8 7_2_0183C7C8
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183A370 7_2_0183A370
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183F204 7_2_0183F204
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183BA50 7_2_0183BA50
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0188F3C0 7_2_0188F3C0
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0188B7D4 7_2_0188B7D4
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01885D40 7_2_01885D40
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01880040 7_2_01880040
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_018871F0 7_2_018871F0
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0188A740 7_2_0188A740
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01889180 7_2_01889180
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01880014 7_2_01880014
PE file contains strange resources
Source: Szallitasi adatok.exe.2.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Sample file is different than original file name gathered from version info
Source: Szallitasi adatok.tar Binary or memory string: OriginalFilenameIsByValue.exeD vs Szallitasi adatok.tar
Source: Szallitasi adatok.exe.2.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: 7.2.Szallitasi adatok.exe.400000.0.unpack, A/b2.cs Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: classification engine Classification label: mal100.troj.spyw.evad.winTAR@11/4@1/1
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Szallitasi adatok.exe.log
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6964:120:WilError_01
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7028:120:WilError_01
Source: C:\Windows\SysWOW64\unarchiver.exe File created: C:\Users\user\AppData\Local\Temp\mcgybaxf.vdb
Source: C:\Windows\SysWOW64\unarchiver.exe Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Windows\SysWOW64\unarchiver.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Windows\SysWOW64\unarchiver.exe Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\unarchiver.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Select * from UnmanagedMemoryStreamWrapper WHERE modelo=@modelo;?
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Select * from Clientes WHERE id=@id;;
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Select * from Aluguel5Erro ao listar Banco sql-UnmanagedMemoryStreamWrapper.INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: INSERT INTO UnmanagedMemoryStreamWrapper VALUES(@modelo, @fabricante, @ano, @cor);
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: unknown Process created: C:\Windows\SysWOW64\unarchiver.exe 'C:\Windows\SysWOW64\unarchiver.exe' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
Source: C:\Windows\SysWOW64\7za.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe'
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Source: C:\Windows\SysWOW64\unarchiver.exe File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll
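The process-creation lines above show the chain unarchiver.exe -> 7za.exe / cmd.exe -> Szallitasi adatok.exe -> Szallitasi adatok.exe, where the last hop is the sample re-launching its own image, the setup behind the "creates a process in suspended mode" and "injects a PE file into a foreign process" signatures. The following added example, not from the report, rebuilds that tree from constructed Sysmon-style process-creation events and flags both the launch of an executable out of %TEMP% by a shell/archiver and the self-spawn. The event schema, PIDs and the benign events are invented, and process creation flags are not modelled, so the self-spawn rule keys on the image match alone.

```python
"""Rebuild a process tree from creation events and flag the report's two
tells: an executable started out of %TEMP% by the archive/shell chain, and a
process spawning a second copy of its own image.

Added example, not part of the Joe Sandbox report. The event schema is an
assumed Sysmon-like shape and the PIDs are invented.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Parents that should not normally be starting executables from %TEMP%
# (assumed list; extend per environment).
LAUNCHERS = {"cmd.exe", "7za.exe", "unarchiver.exe", "explorer.exe", "wscript.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full image path
    cmdline: str


def image_name(path):
    return PureWindowsPath(path).name.lower()


def in_temp_dir(path):
    return "temp" in (p.lower() for p in PureWindowsPath(path).parts)


def ancestry(by_pid, pid):
    """Image names from `pid` up to the oldest known ancestor, nearest first."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(image_name(by_pid[pid].image))
        pid = by_pid[pid].ppid
    return chain


def find_injection_chain(events):
    """Return findings as dicts: rule, pid and the full ancestry of the hit."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        if parent is None:
            continue
        # Rule 1: a launcher/shell starts an executable living in a temp dir.
        if image_name(parent.image) in LAUNCHERS and in_temp_dir(e.image):
            findings.append({"rule": "temp-exec", "pid": e.pid,
                             "chain": ancestry(by_pid, e.pid)})
        # Rule 2: a temp-dir executable spawns its own image again, the usual
        # prelude to hollowing the (suspended) child with the real payload.
        if (image_name(e.image) == image_name(parent.image)
                and in_temp_dir(e.image)):
            findings.append({"rule": "self-spawn", "pid": e.pid,
                             "chain": ancestry(by_pid, e.pid)})
    return findings


# Constructed events mirroring the report's process chain (PIDs invented;
# the explorer/notepad pair is benign filler).
TMP = r"C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe"
SAMPLE_EVENTS = [
    ProcEvent(1000, 4, r"C:\Windows\SysWOW64\unarchiver.exe", "unarchiver.exe Szallitasi adatok.tar"),
    ProcEvent(1001, 1000, r"C:\Windows\SysWOW64\7za.exe", "7za.exe x -pinfected -y"),
    ProcEvent(1002, 1000, r"C:\Windows\SysWOW64\cmd.exe", 'cmd.exe /C "' + TMP + '"'),
    ProcEvent(1003, 1002, TMP, TMP),
    ProcEvent(1004, 1003, TMP, TMP),
    ProcEvent(1005, 4, r"C:\Windows\explorer.exe", "explorer.exe"),
    ProcEvent(1006, 1005, r"C:\Windows\System32\notepad.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for f in find_injection_chain(SAMPLE_EVENTS):
        print(f["rule"], f["pid"], " <- ".join(f["chain"]))
```

The ancestry is carried in each finding on purpose: on a real host the self-spawn alone is also what a legitimate updater or a browser's child process looks like, so the analyst wants to see that the chain bottoms out in cmd.exe under an archive handler before escalating.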

Data Obfuscation:

Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_00A48507 push dword ptr [esi+3Fh]; iretd 6_2_00A48519
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_00A35683 push es; retf 6_2_00A35684
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 6_2_00A49273 push FFFFFFD9h; iretd 6_2_00A49290
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_00F98507 push dword ptr [esi+3Fh]; iretd 7_2_00F98519
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_00F85683 push es; retf 7_2_00F85684
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_017F7A37 push edi; retn 0000h 7_2_017F7A39
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_018368AB push FFFFFF8Bh; iretd 7_2_018368AF
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_01836433 pushad ; retf 7_2_0183643D
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183683D push FFFFFF8Bh; iretd 7_2_01836841
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_018367C7 push FFFFFF8Bh; iretd 7_2_018367D9
Source: initial sample Static PE information: section name: .text entropy: 7.53444175386
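The last line flags a .text section with entropy 7.53 bits per byte, close to the 8.0 of uniformly random data, which is what packed or encrypted code looks like (consistent with the large array initializer and the CreateDecryptor/TransformFinalBlock calls recorded under System Summary). The following added example, not part of the report, reproduces that check by parsing the PE section table directly and computing per-section Shannon entropy. The 7.0 threshold is a common rule of thumb rather than a Joe Sandbox constant, and the minimal PE the block builds is constructed test input that a loader would reject.

```python
"""Per-section Shannon entropy for a PE image.

Added example, not part of the Joe Sandbox report. build_min_pe() fabricates
a minimal PE32 container purely as offline test input (it is not loadable);
HIGH_ENTROPY is a common rule-of-thumb threshold, not a Joe Sandbox constant.
"""
import math
import struct
from collections import Counter

HIGH_ENTROPY = 7.0   # assumption: packed/encrypted code typically scores above this
FILE_ALIGN = 0x200
OPT_HDR_SIZE = 224   # size of a PE32 optional header


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    return sum(-(c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(image):
    """Yield (name, raw_bytes) for every entry in the section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    size_opt = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + size_opt
    for i in range(num_sections):
        off = table + 40 * i
        name = image[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        size_raw, ptr_raw = struct.unpack_from("<II", image, off + 16)
        yield name, image[ptr_raw:ptr_raw + size_raw]


def section_entropies(image):
    return [(name, round(shannon_entropy(raw), 3)) for name, raw in pe_sections(image)]


def high_entropy_sections(image, threshold=HIGH_ENTROPY):
    """Sections whose raw bytes look packed or encrypted."""
    return [(name, h) for name, h in section_entropies(image) if h >= threshold]


def build_min_pe(sections):
    """Constructed test input: DOS stub, PE signature, COFF + optional header,
    one section header per (name, data) pair, then the file-aligned raw data."""
    hdr_len = 0x40 + 4 + 20 + OPT_HDR_SIZE + 40 * len(sections)
    data_start = -(-hdr_len // FILE_ALIGN) * FILE_ALIGN
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPT_HDR_SIZE, 0x102)
    opt = b"\x0b\x01" + bytes(OPT_HDR_SIZE - 2)                   # PE32 magic, rest zero
    table, body = bytearray(), bytearray()
    ptr, va = data_start, 0x1000
    for name, data in sections:
        raw_len = -(-len(data) // FILE_ALIGN) * FILE_ALIGN
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), va,
                             raw_len, ptr, 0, 0, 0, 0, 0x60000020)
        body += data + bytes(raw_len - len(data))
        ptr, va = ptr + raw_len, va + 0x1000
    image = dos + b"PE\0\0" + coff + opt + table
    image += bytes(data_start - len(image))
    return bytes(image + body)


if __name__ == "__main__":
    # Constructed image: a "packed" .text (uniform bytes) beside a zero-filled .data.
    img = build_min_pe([(".text", bytes(range(256)) * 4), (".data", bytes(512))])
    print(section_entropies(img))       # [('.text', 8.0), ('.data', 0.0)]
    print(high_entropy_sections(img))   # [('.text', 8.0)]
```

Entropy is measured over SizeOfRawData, not VirtualSize, because that is the on-disk content a scanner sees; a section whose raw data is much smaller than its virtual size (room for code to be unpacked into at runtime) is a separate tell worth adding in a real triage script.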

Persistence and Installation Behavior:

Drops PE files
Source: C:\Windows\SysWOW64\7za.exe File created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe

Hooking and other Techniques for Hiding and Protection:

Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
Source: C:\Windows\SysWOW64\unarchiver.exe Process information set: NOOPENFILEERRORBOX (17 identical entries)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process information set: NOOPENFILEERRORBOX (95 identical entries)

Malware Analysis System Evasion:

Yara detected AntiVM3
Source: Yara match File source: 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Szallitasi adatok.exe PID: 7056, type: MEMORY
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: WINE_GET_UNIX_FILE_NAME
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
Contains long sleeps (>= 3 min)
Source: C:\Windows\SysWOW64\unarchiver.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Thread delayed: delay time: 922337203685477 (3 identical entries)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Window / User API: threadDelayed 8291
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Window / User API: threadDelayed 1568
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\SysWOW64\unarchiver.exe TID: 6904 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 7060 Thread sleep time: -99493s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 7080 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 7100 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 5608 Thread sleep time: -18446744073709540s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 6108 Thread sleep count: 8291 > 30
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe TID: 6108 Thread sleep count: 1568 > 30
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Windows\SysWOW64\unarchiver.exe Code function: 0_2_0146B042 GetSystemInfo, 0_2_0146B042
Source: C:\Windows\SysWOW64\unarchiver.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Thread delayed: delay time: 99493
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Thread delayed: delay time: 922337203685477 (3 identical entries)
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: vmware
Source: Szallitasi adatok.exe, 00000007.00000002.595705814.0000000006FA0000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath "
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMWARE
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: VMware SVGA II
Source: Szallitasi adatok.exe, 00000006.00000002.343156984.0000000002E03000.00000004.00000001.sdmp Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process information queried: ProcessInformation

Anti Debugging:

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Code function: 7_2_0183C490 LdrInitializeThunk, 7_2_0183C490
Enables debug privileges
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process token adjusted: Debug (2 identical entries)
Source: C:\Windows\SysWOW64\unarchiver.exe Memory allocated: page read and write | page guard

HIPS / PFW / Operating System Protection Evasion:

Injects a PE file into a foreign processes
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Memory written: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe base: 400000 value starts with: 4D5A
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\7za.exe 'C:\Windows\System32\7za.exe' x -pinfected -y -o'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s' 'C:\Users\user\Desktop\Szallitasi adatok.tar'
Source: C:\Windows\SysWOW64\unarchiver.exe Process created: C:\Windows\SysWOW64\cmd.exe 'cmd.exe' /C 'C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe'
Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Process created: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe
Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: Progman
Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: &Program Manager
Source: Szallitasi adatok.exe, 00000007.00000002.589689355.0000000001EB0000.00000002.00000001.sdmp Binary or memory string: Progmanlock

Language, Device and Operating System Detection:

Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\arial.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\consola.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Windows\SysWOW64\unarchiver.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information:

Yara detected AgentTesla
Source: Yara match File source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.586946181.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.344267324.0000000003FF6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Szallitasi adatok.exe PID: 7104, type: MEMORY
Source: Yara match File source: Process Memory Space: Szallitasi adatok.exe PID: 7056, type: MEMORY
Source: Yara match File source: 6.2.Szallitasi adatok.exe.4086228.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.Szallitasi adatok.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Szallitasi adatok.exe.4086228.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Szallitasi adatok.exe.4015208.2.raw.unpack, type: UNPACKEDPE
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Tries to harvest and steal ftp login credentials
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\
Tries to steal Mail credentials (via file access)
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
Source: C:\Users\user\AppData\Local\Temp\nqvbpsxm.54s\Szallitasi adatok.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
Yara detected Credential Stealer
Source: Yara match File source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Szallitasi adatok.exe PID: 7104, type: MEMORY

Remote Access Functionality:

Yara detected AgentTesla
Source: Yara match File source: 00000007.00000002.590323403.0000000003481000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.586946181.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.344267324.0000000003FF6000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: Szallitasi adatok.exe PID: 7104, type: MEMORY
Source: Yara match File source: Process Memory Space: Szallitasi adatok.exe PID: 7056, type: MEMORY
Source: Yara match File source: 6.2.Szallitasi adatok.exe.4086228.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.Szallitasi adatok.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Szallitasi adatok.exe.4086228.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.Szallitasi adatok.exe.4015208.2.raw.unpack, type: UNPACKEDPE
Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Behavior Graph

Behavior Graph ID: 383998
Sample: Szallitasi adatok.tar
Startdate: 08/04/2021
Architecture: WINDOWS
Score: 100

Top-level signatures: Found malware configuration; Multi AV Scanner detection for dropped file; Yara detected AgentTesla; 6 other signatures

Process tree (as drawn in the graph):

  • unarchiver.exe (started)
    • cmd.exe (started)
      • Szallitasi adatok.exe (started); signature: Injects a PE file into a foreign processes
        • Szallitasi adatok.exe (started); DNS/IP: smtp.1and1.es 212.227.15.158, 49748, 587, ONEANDONE-ASBrauerstrasse48DE, Germany; signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Mail credentials (via file access); Tries to harvest and steal ftp login credentials; Tries to harvest and steal browser information (history, passwords, etc)
      • conhost.exe (started)
    • 7za.exe (started)
      • dropped file: C:\Users\user\...\Szallitasi adatok.exe, PE32
      • conhost.exe (started)

Contacted Public IPs

IP              Domain          Country   ASN    ASN Name                         Malicious
212.227.15.158  smtp.1and1.es   Germany   8560   ONEANDONE-ASBrauerstrasse48DE    false

Contacted Domains

Name            IP              Active
smtp.1and1.es   212.227.15.158  true