Source: Ko4zQgTBHv.exe, 00000004.00000002.595056596.0000000002B01000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: Ko4zQgTBHv.exe, 00000004.00000002.595056596.0000000002B01000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: Ko4zQgTBHv.exe, 00000004.00000002.595056596.0000000002B01000.00000004.00000001.sdmp | String found in binary or memory: http://bplSZH.com |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://checkip.dyndns.org/ |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599485446.00000000066CB000.00000004.00000001.sdmp | String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06 |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoRSA |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0# |
Source: Ko4zQgTBHv.exe, 00000004.00000002.596057980.0000000002C3C000.00000004.00000001.sdmp | String found in binary or memory: http://mail.privateemail.com |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.comodoca.com0 |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | String found in binary or memory: http://ocsp.sectigo.com0 |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342093039.0000000002D01000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/ |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/E |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/downloads/ |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k= |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k=1 |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/index_ru.html |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/index_ru.htmlk |
Source: Ko4zQgTBHv.exe | String found in binary or memory: http://servermanager.miixit.org/report/reporter_index.php?name= |
Source: Ko4zQgTBHv.exe, 00000004.00000002.595643681.0000000002BB0000.00000004.00000001.sdmp | String found in binary or memory: https://o3u5ap5OYRcXqxyqT.org |
Source: Ko4zQgTBHv.exe, 00000004.00000002.595643681.0000000002BB0000.00000004.00000001.sdmp | String found in binary or memory: https://o3u5ap5OYRcXqxyqT.org8 |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | String found in binary or memory: https://sectigo.c |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | String found in binary or memory: https://sectigo.com/CPS0 |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: Ko4zQgTBHv.exe | String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC |
Source: Ko4zQgTBHv.exe, 00000000.00000002.343072283.0000000003D01000.00000004.00000001.sdmp, Ko4zQgTBHv.exe, 00000004.00000002.591708318.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: Ko4zQgTBHv.exe, 00000004.00000002.595056596.0000000002B01000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: Ko4zQgTBHv.exe | Binary or memory string: OriginalFilename vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.346803709.000000000BB10000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.347104132.000000000BC00000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.347104132.000000000BC00000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameScopelessEnumAttribute.exeF vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342228241.0000000002D99000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSimpleUI.dll( vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342093039.0000000002D01000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameCYbtWKpyduSheqLLdYLNwktYyalD.exe4 vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.343072283.0000000003D01000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000004.00000002.593856787.0000000001010000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000004.00000002.592490851.0000000000B58000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000004.00000002.591708318.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameCYbtWKpyduSheqLLdYLNwktYyalD.exe4 vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000004.00000002.593872285.0000000001020000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000004.00000002.593770195.0000000000F50000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe | Binary or memory string: OriginalFilenameScopelessEnumAttribute.exeF vs Ko4zQgTBHv.exe |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 0_2_0080761D push es; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 0_2_00807656 push es; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 0_2_0B5847DB push esi; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_006C7656 push es; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_006C761D push es; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D025C3 push esp; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D025F3 push ebp; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D025B3 push ebx; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D025A3 push edx; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D0257C push eax; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D02663 push 0A6405CAh; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D02603 push edi; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D021C9 push ecx; retf 0005h |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D01140 push ds; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D050F7 push edi; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D01048 push ds; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D01077 push ds; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D01068 push ds; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D0B374 push 968C00CCh; retf 0005h |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D052D0 push edi; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D0122B push ds; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D0BCC0 pushfd ; retf 0005h |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D0BF08 pushfd ; retf 0005h |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Code function: 4_2_05D04EEC push ebp; retf |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Process information set: NOOPENFILEERRORBOX |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: Ko4zQgTBHv.exe, 00000000.00000002.342175940.0000000002D4E000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: Ko4zQgTBHv.exe, 00000004.00000002.599388925.0000000006690000.00000004.00000001.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Users\user\Desktop\Ko4zQgTBHv.exe VolumeInformation |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\Ko4zQgTBHv.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |