Source: RQF 100021790.exe, 00000003.00000002.471510302.0000000002971000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: RQF 100021790.exe, 00000003.00000002.471510302.0000000002971000.00000004.00000001.sdmp |
String found in binary or memory: http://BtAllR.com |
Source: RQF 100021790.exe, 00000003.00000002.471510302.0000000002971000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: RQF 100021790.exe, 00000003.00000002.473589734.0000000002BDD000.00000004.00000001.sdmp |
String found in binary or memory: http://Lt3kEzuSCIaIDgvv.com |
Source: RQF 100021790.exe, 00000003.00000002.474061943.0000000002C46000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.yillyenterprise.com |
Source: RQF 100021790.exe, 00000003.00000002.474061943.0000000002C46000.00000004.00000001.sdmp |
String found in binary or memory: http://yillyenterprise.com |
Source: RQF 100021790.exe, 00000000.00000002.207282678.0000000003F89000.00000004.00000001.sdmp, RQF 100021790.exe, 00000003.00000002.466065951.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: RQF 100021790.exe, 00000003.00000002.471510302.0000000002971000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: RQF 100021790.exe, 00000000.00000002.206602241.0000000000C6E000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenamewuF vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000000.00000002.210669766.00000000061A1000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameMajorRevision.exe< vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000000.00000002.210669766.00000000061A1000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameexoUqrJZudHREjogRnRvJGlrAcwRCcAwmeAsDDz.exe4 vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000000.00000002.207175183.0000000002F61000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameMetroFramework.dll> vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000002.00000002.205016490.00000000000BE000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenamewuF vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000003.00000002.467328872.0000000000978000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000003.00000002.466065951.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameexoUqrJZudHREjogRnRvJGlrAcwRCcAwmeAsDDz.exe4 vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000003.00000000.205748466.00000000005DE000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenamewuF vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000003.00000002.470208674.0000000000E90000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx.mui vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000003.00000002.470101404.0000000000E10000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs RQF 100021790.exe |
Source: RQF 100021790.exe, 00000003.00000002.470191907.0000000000E80000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx vs RQF 100021790.exe |
Source: RQF 100021790.exe |
Binary or memory string: OriginalFilenamewuF vs RQF 100021790.exe |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 0_2_00BCB02F push cs; iretd |
0_2_00BCB032 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 0_2_00BCAEE0 push cs; iretd |
0_2_00BCAEE2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 0_2_00BCB023 push cs; iretd |
0_2_00BCB024 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 2_2_0001AEE0 push cs; iretd |
2_2_0001AEE2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 2_2_0001B023 push cs; iretd |
2_2_0001B024 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 2_2_0001B02F push cs; iretd |
2_2_0001B032 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_0053B023 push cs; iretd |
3_2_0053B024 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_0053AEE0 push cs; iretd |
3_2_0053AEE2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_0053B02F push cs; iretd |
3_2_0053B032 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_027F8BED push ebx; retf 0000h |
3_2_027F8C02 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_027F8C27 push ebx; retf 0000h |
3_2_027F8C32 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C725C7 push ebx; retn 0005h |
3_2_05C725D2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C725D7 push esp; retn 0005h |
3_2_05C725E2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C725E7 push edx; retn 0005h |
3_2_05C725B2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C725E7 push ebp; retn 0005h |
3_2_05C725F2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C725F7 push ebp; retn 0005h |
3_2_05C72602 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C72597 push ecx; retn 0005h |
3_2_05C725A2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C725A7 push edx; retn 0005h |
3_2_05C725B2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C725B7 push ebx; retn 0005h |
3_2_05C725C2 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C7257B push eax; retn 0005h |
3_2_05C72582 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C7571F pushad ; retn 0005h |
3_2_05C7572A |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C7572F pushad ; retn 0005h |
3_2_05C7573A |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C72657 push edi; retn 0005h |
3_2_05C72622 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C7260A push esi; retn 0005h |
3_2_05C72612 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05C72617 push edi; retn 0005h |
3_2_05C72622 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Code function: 3_2_05F534EC push eax; retf |
3_2_05F534ED |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Process information set: NOOPENFILEERRORBOX |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: RQF 100021790.exe, 00000000.00000002.211322093.000000000663E000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Queries volume information: C:\Users\user\Desktop\RQF 100021790.exe VolumeInformation |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\RQF 100021790.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match |
File source: 00000003.00000002.466065951.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.207282678.0000000003F89000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: RQF 100021790.exe PID: 5380, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: RQF 100021790.exe PID: 6020, type: MEMORY |
Source: Yara match |
File source: 3.2.RQF 100021790.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.RQF 100021790.exe.41acc10.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.RQF 100021790.exe.41acc10.2.raw.unpack, type: UNPACKEDPE |