Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912431014.0000000002A21000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912431014.0000000002A21000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912431014.0000000002A21000.00000004.00000001.sdmp |
String found in binary or memory: http://NdOlex.com |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000003.869228156.0000000000FA7000.00000004.00000001.sdmp |
String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c0 |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000003.869228156.0000000000FA7000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.letsencrypt.org0 |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000003.869228156.0000000000FA7000.00000004.00000001.sdmp |
String found in binary or memory: http://cps.root-x1.letsencrypt.org0 |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000003.869228156.0000000000FA7000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.identrust.com/DSTROOTCAX3CRL.crl0 |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912109224.0000000000F03000.00000004.00000020.sdmp |
String found in binary or memory: http://go.microsoft.cz |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912804837.0000000002D88000.00000004.00000001.sdmp |
String found in binary or memory: http://iykmoreentrprise.org |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912804837.0000000002D88000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.iykmoreentrprise.org |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000003.869228156.0000000000FA7000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.i.lencr.org/0 |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000003.869228156.0000000000FA7000.00000004.00000001.sdmp |
String found in binary or memory: http://r3.o.lencr.org0 |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655099093.0000000003121000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: lT2TTQACRLGKK8w.exe |
String found in binary or memory: http://vbcity.com/forums/t/51894.aspx |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912431014.0000000002A21000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%$ |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912431014.0000000002A21000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: lT2TTQACRLGKK8w.exe |
String found in binary or memory: https://github.com/MrCylops |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912725062.0000000002D32000.00000004.00000001.sdmp, lT2TTQACRLGKK8w.exe, 00000002.00000002.912880410.0000000002DB5000.00000004.00000001.sdmp, lT2TTQACRLGKK8w.exe, 00000002.00000002.912771188.0000000002D7E000.00000004.00000001.sdmp, lT2TTQACRLGKK8w.exe, 00000002.00000002.912865775.0000000002DAD000.00000004.00000001.sdmp |
String found in binary or memory: https://wl0H8jlTH4n9kj.org |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.656573147.0000000004129000.00000004.00000001.sdmp, lT2TTQACRLGKK8w.exe, 00000002.00000002.911137710.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912431014.0000000002A21000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000000.645706234.0000000000D5C000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameUnauthorizedAccessException.exe> vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655099093.0000000003121000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSimpleUI.dll( vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655099093.0000000003121000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameBEpnzqbDkEzvjXIwxhKwj.exe4 vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.659378273.00000000063B0000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.911137710.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameBEpnzqbDkEzvjXIwxhKwj.exe4 vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.911283055.000000000079C000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameUnauthorizedAccessException.exe> vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.911346617.0000000000B38000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.912036273.0000000000ED8000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000002.915794812.0000000006330000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe |
Binary or memory string: OriginalFilenameUnauthorizedAccessException.exe> vs lT2TTQACRLGKK8w.exe |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Process information set: NOOPENFILEERRORBOX |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: lT2TTQACRLGKK8w.exe, 00000002.00000003.869177633.0000000000F5B000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllce\H |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: lT2TTQACRLGKK8w.exe |
Binary or memory string: Hyper-V RAW |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: lT2TTQACRLGKK8w.exe, 00000000.00000002.655179728.0000000003174000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: lT2TTQACRLGKK8w.exe, Memory.cs |
Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: lT2TTQACRLGKK8w.exe, ProcessClass.cs |
Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 0.2.lT2TTQACRLGKK8w.exe.cb0000.0.unpack, Memory.cs |
Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 0.2.lT2TTQACRLGKK8w.exe.cb0000.0.unpack, ProcessClass.cs |
Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 0.0.lT2TTQACRLGKK8w.exe.cb0000.0.unpack, Memory.cs |
Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 0.0.lT2TTQACRLGKK8w.exe.cb0000.0.unpack, ProcessClass.cs |
Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 2.2.lT2TTQACRLGKK8w.exe.400000.0.unpack, A/b2.cs |
Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 2.0.lT2TTQACRLGKK8w.exe.6f0000.0.unpack, Memory.cs |
Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 2.0.lT2TTQACRLGKK8w.exe.6f0000.0.unpack, ProcessClass.cs |
Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 2.2.lT2TTQACRLGKK8w.exe.6f0000.1.unpack, ProcessClass.cs |
Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 2.2.lT2TTQACRLGKK8w.exe.6f0000.1.unpack, Memory.cs |
Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe VolumeInformation |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\lT2TTQACRLGKK8w.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |