Source: 20210504_20210405.exe, 00000001.00000002.913920147.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: 20210504_20210405.exe, 00000001.00000002.913920147.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: 20210504_20210405.exe, 00000001.00000002.913920147.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: http://LKsSWf.com |
Source: 20210504_20210405.exe, 00000001.00000002.914611347.00000000035A7000.00000004.00000001.sdmp | String found in binary or memory: http://api.telegram.org |
Source: 20210504_20210405.exe, 00000001.00000002.913117138.0000000001583000.00000004.00000020.sdmp | String found in binary or memory: http://certificates.godaddy.com/repository/0 |
Source: 20210504_20210405.exe, 00000001.00000002.913117138.0000000001583000.00000004.00000020.sdmp | String found in binary or memory: http://certificates.godaddy.com/repository/gdig2.crt0 |
Source: 20210504_20210405.exe, 00000001.00000002.913117138.0000000001583000.00000004.00000020.sdmp | String found in binary or memory: http://certs.godaddy.com/repository/1301 |
Source: 20210504_20210405.exe, 00000001.00000002.913117138.0000000001583000.00000004.00000020.sdmp | String found in binary or memory: http://crl.godaddy.com/gdig2s1-1823.crl0 |
Source: 20210504_20210405.exe, 00000001.00000002.914611347.00000000035A7000.00000004.00000001.sdmp | String found in binary or memory: http://crl.godaddy.com/gdroot-g2.crl0F |
Source: 20210504_20210405.exe, 00000001.00000002.914611347.00000000035A7000.00000004.00000001.sdmp | String found in binary or memory: http://crl.godaddy.com/gdroot.crl0F |
Source: 20210504_20210405.exe, 00000001.00000002.913117138.0000000001583000.00000004.00000020.sdmp | String found in binary or memory: http://ocsp.godaddy.com/0 |
Source: 20210504_20210405.exe, 00000001.00000002.914611347.00000000035A7000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.godaddy.com/02 |
Source: 20210504_20210405.exe, 00000001.00000002.914611347.00000000035A7000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.godaddy.com/05 |
Source: 20210504_20210405.exe, 00000000.00000002.656756518.0000000002BE1000.00000004.00000001.sdmp, 20210504_20210405.exe, 00000001.00000002.914571014.0000000003592000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: 20210504_20210405.exe | String found in binary or memory: http://vbcity.com/forums/t/51894.aspx |
Source: 20210504_20210405.exe, 00000001.00000002.913920147.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: https://ZjkYYZZsvgTe1lRecEb.org |
Source: 20210504_20210405.exe, 00000001.00000002.914571014.0000000003592000.00000004.00000001.sdmp | String found in binary or memory: https://api.telegram.org |
Source: 20210504_20210405.exe, 00000000.00000002.657827131.0000000003BE9000.00000004.00000001.sdmp, 20210504_20210405.exe, 00000001.00000002.912316096.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot1437981864:AAFmXsejy8kUC_pj3BwrEvAeb2cv12XMVZI/ |
Source: 20210504_20210405.exe, 00000001.00000002.913247711.0000000001614000.00000004.00000020.sdmp, 20210504_20210405.exe, 00000001.00000002.914571014.0000000003592000.00000004.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot1437981864:AAFmXsejy8kUC_pj3BwrEvAeb2cv12XMVZI/sendDocument |
Source: 20210504_20210405.exe, 00000001.00000002.913920147.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: https://api.telegram.org/bot1437981864:AAFmXsejy8kUC_pj3BwrEvAeb2cv12XMVZI/sendDocumentdocument----- |
Source: 20210504_20210405.exe, 00000001.00000002.914571014.0000000003592000.00000004.00000001.sdmp | String found in binary or memory: https://api.telegram.org41k |
Source: 20210504_20210405.exe, 00000001.00000002.914611347.00000000035A7000.00000004.00000001.sdmp | String found in binary or memory: https://certs.godaddy.com/repository/0 |
Source: 20210504_20210405.exe | String found in binary or memory: https://github.com/MrCylops |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: 20210504_20210405.exe, 00000000.00000002.657827131.0000000003BE9000.00000004.00000001.sdmp, 20210504_20210405.exe, 00000001.00000002.912316096.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: 20210504_20210405.exe, 00000001.00000002.913920147.0000000003231000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: 20210504_20210405.exe, 00000000.00000002.661384199.0000000006000000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000000.00000002.656060865.0000000000932000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameStubHelpers.exe> vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000000.00000002.657827131.0000000003BE9000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameyucdRfGqglLYCNzNFxRTIcmGQtCfMFXvJrSvO.exe4 vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000000.00000002.656452480.000000000101A000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000000.00000002.656756518.0000000002BE1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSimpleUI.dll( vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000001.00000002.912485712.0000000000EB2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameStubHelpers.exe> vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000001.00000002.912316096.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameyucdRfGqglLYCNzNFxRTIcmGQtCfMFXvJrSvO.exe4 vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000001.00000002.917451675.0000000006B70000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000001.00000002.912616106.00000000012F8000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs 20210504_20210405.exe |
Source: 20210504_20210405.exe | Binary or memory string: OriginalFilenameStubHelpers.exe> vs 20210504_20210405.exe |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Process information set: NOOPENFILEERRORBOX |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: 20210504_20210405.exe, 00000000.00000002.656827071.0000000002C35000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: 20210504_20210405.exe, 00000001.00000002.913247711.0000000001614000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: 20210504_20210405.exe, Memory.cs | Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 20210504_20210405.exe, ProcessClass.cs | Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 0.0.20210504_20210405.exe.850000.0.unpack, ProcessClass.cs | Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 0.0.20210504_20210405.exe.850000.0.unpack, Memory.cs | Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 0.2.20210504_20210405.exe.850000.0.unpack, Memory.cs | Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 0.2.20210504_20210405.exe.850000.0.unpack, ProcessClass.cs | Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 1.2.20210504_20210405.exe.400000.0.unpack, A/b2.cs | Reference to suspicious API methods: ('A', 'MapVirtualKey@user32.dll') |
Source: 1.0.20210504_20210405.exe.dd0000.0.unpack, Memory.cs | Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 1.0.20210504_20210405.exe.dd0000.0.unpack, ProcessClass.cs | Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: 1.2.20210504_20210405.exe.dd0000.1.unpack, Memory.cs | Reference to suspicious API methods: ('WriteProcessMemory', 'WriteProcessMemory@kernel32.dll'), ('ReadProcessMemory', 'ReadProcessMemory@kernel32.dll') |
Source: 1.2.20210504_20210405.exe.dd0000.1.unpack, ProcessClass.cs | Reference to suspicious API methods: ('OpenProcess', 'OpenProcess@kernel32.dll') |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Users\user\Desktop\20210504_20210405.exe VolumeInformation |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\20210504_20210405.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |