Source: 6Rn5G1VWPB.exe, 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: http://EPtbzE.com |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp, 6Rn5G1VWPB.exe, 00000002.00000002.915918195.000000000306D000.00000004.00000001.sdmp |
String found in binary or memory: http://ThqqlGVRjff9puHH.com |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.915860392.000000000305E000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.garciadelacruz.com |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657132516.0000000002A71000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/ |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/E |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/downloads/ |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k= |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k=1 |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/index_ru.html |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/index_ru.htmlk |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: http://servermanager.miixit.org/report/reporter_index.php?name= |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%$ |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: https://api.ipify.org%GETMozilla/5.0 |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: 6Rn5G1VWPB.exe |
String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657613935.0000000003A71000.00000004.00000001.sdmp, 6Rn5G1VWPB.exe, 00000002.00000002.912960268.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.656374839.0000000000726000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameNullableMarshaler.exeP vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.660770620.0000000005E00000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657132516.0000000002A71000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameSimpleUI.dll( vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657132516.0000000002A71000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenamermQUBCospdbOYhbGMUBMmNJghaERaRjQZrS.exe4 vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.656695118.0000000000DBA000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.912960268.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenamermQUBCospdbOYhbGMUBMmNJghaERaRjQZrS.exe4 vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.914452498.0000000001230000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamemscorrc.dllT vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.914284247.00000000010B0000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamewshom.ocx vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.913959685.0000000000FAA000.00000004.00000020.sdmp |
Binary or memory string: OriginalFilenameclr.dllT vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.913136418.00000000008D6000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameNullableMarshaler.exeP vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.913204426.0000000000CF8000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe |
Binary or memory string: OriginalFilenameNullableMarshaler.exeP vs 6Rn5G1VWPB.exe |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Process information set: NOOPENFILEERRORBOX |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: 6Rn5G1VWPB.exe, 00000002.00000002.918678159.0000000006150000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllRYr{ |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: 6Rn5G1VWPB.exe, 00000000.00000002.657207704.0000000002ABF000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Users\user\Desktop\6Rn5G1VWPB.exe VolumeInformation |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\6Rn5G1VWPB.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match |
File source: 00000002.00000002.912960268.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.657613935.0000000003A71000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000002.00000002.915088523.0000000002CF1000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 6Rn5G1VWPB.exe PID: 6004, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: 6Rn5G1VWPB.exe PID: 6488, type: MEMORY |
Source: Yara match |
File source: 0.2.6Rn5G1VWPB.exe.3b28798.4.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 2.2.6Rn5G1VWPB.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.6Rn5G1VWPB.exe.3b28798.4.raw.unpack, type: UNPACKEDPE |