Source: W9YDH79i8G.exe, 00000007.00000002.497630354.0000000003251000.00000004.00000001.sdmp
String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: W9YDH79i8G.exe, 00000007.00000002.497762134.00000000032B3000.00000004.00000001.sdmp
String found in binary or memory: http://3yctoQGYo4sp.com
Source: W9YDH79i8G.exe, 00000007.00000002.497630354.0000000003251000.00000004.00000001.sdmp
String found in binary or memory: http://DynDns.comDynDNS
Source: W9YDH79i8G.exe, 00000007.00000002.497630354.0000000003251000.00000004.00000001.sdmp
String found in binary or memory: http://HVIItO.com
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
Source: W9YDH79i8G.exe, 00000007.00000002.506767918.0000000007060000.00000004.00000001.sdmp
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp
String found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp
String found in binary or memory: http://mail.privateemail.com
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp
String found in binary or memory: http://ocsp.comodoca.com0
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp
String found in binary or memory: http://ocsp.sectigo.com0
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp
String found in binary or memory: https://sectigo.com/CPS0
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: W9YDH79i8G.exe, 00000000.00000002.254886399.0000000004412000.00000004.00000001.sdmp, W9YDH79i8G.exe, 00000007.00000002.494321847.0000000000402000.00000040.00000001.sdmp
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: W9YDH79i8G.exe, 00000007.00000002.497630354.0000000003251000.00000004.00000001.sdmp
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Code function: 0_2_00F02E25
Code function: 0_2_0BCE511C
Code function: 0_2_0BCE18F8
Code function: 0_2_0BCE3048
Code function: 0_2_0BCE1FB8
Code function: 0_2_0BCE25D0
Code function: 0_2_0BCE1588
Code function: 0_2_0BCE33F8
Code function: 0_2_0BCE18E8
Code function: 0_2_0BCE3039
Code function: 0_2_0BCE1FA8
Code function: 0_2_0BCE0700
Code function: 0_2_0BCE0710
Code function: 0_2_0BCE3626
Code function: 0_2_0BCE25C0
Code function: 0_2_0BCE35C1
Code function: 0_2_0BCE1578
Code function: 0_2_0BCE3408
Code function: 3_2_00242E25
Code function: 4_2_00322E25
Code function: 6_2_00142E25
Code function: 7_2_00F22E25
Code function: 7_2_014C5608
Code function: 7_2_014C46C0
Code function: 7_2_014C06A8
Code function: 7_2_016F3F78
Code function: 7_2_016FEE68
Code function: 7_2_016F4A47
Code function: 7_2_016F9E58
Code function: 7_2_016FB240
Code function: 7_2_017011B0
Code function: 7_2_01704870
Code function: 7_2_017081E8
Code function: 7_2_01735958
Code function: 7_2_0173E0D0
Code function: 7_2_017366B8
Code function: 7_2_0173EAB8
Source: W9YDH79i8G.exe
Binary or memory string: OriginalFilename vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000000.00000002.259927781.000000000C360000.00000002.00000001.sdmp
Binary or memory string: System.OriginalFileName vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: OriginalFilenameJUZFLaLNGVPGsrhHohqG.exe4 vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000000.00000002.252651996.00000000032F1000.00000004.00000001.sdmp
Binary or memory string: OriginalFilenameSimpleUI.dll( vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000000.00000002.258927770.0000000006750000.00000004.00000001.sdmp
Binary or memory string: OriginalFilenameDSASignature.dll@ vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000000.00000002.260065297.000000000C460000.00000002.00000001.sdmp
Binary or memory string: originalfilename vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000000.00000002.260065297.000000000C460000.00000002.00000001.sdmp
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000007.00000002.496407374.00000000016E0000.00000002.00000001.sdmp
Binary or memory string: OriginalFilenamewshom.ocx vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000007.00000002.506580834.0000000006BA0000.00000002.00000001.sdmp
Binary or memory string: OriginalFilenamemscorrc.dllT vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000007.00000002.495042484.0000000001388000.00000004.00000001.sdmp
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000007.00000002.494321847.0000000000402000.00000040.00000001.sdmp
Binary or memory string: OriginalFilenameJUZFLaLNGVPGsrhHohqG.exe4 vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe, 00000007.00000002.496608102.0000000001710000.00000002.00000001.sdmp
Binary or memory string: OriginalFilenamewshom.ocx.mui vs W9YDH79i8G.exe
Source: W9YDH79i8G.exe
Binary or memory string: OriginalFilenameAsyncCausalityTracer.exeR vs W9YDH79i8G.exe
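The URL strings near the top of this section and the OriginalFilename rows above both become more useful once the dump name on each Source line is decoded and the certificate-chain noise is set aside. The Python script below is an added example, not part of the sandbox report and not code from the sample: it pairs each Source line with its detail line, reads the dump file name, trims the printable DER bytes that trail a URL lifted out of an embedded certificate (the '0', '04' and '0#' tails are a 0x30 SEQUENCE tag and its length byte), and separates CRL/OCSP/schema/CDN hosts from strings that deserve a second look. The meaning of the dump-name fields (process index, stage, base address) is an assumption from the shape of the values; the protection field is decoded with the winnt.h constants, which the values 0x02, 0x04 and 0x40 on this page fit. The sample rows are a subset copied from this report.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Dump names on the Source lines: <proc>.<stage>.<id>.<base>.<protect>.<type>.sdmp
# (field meaning assumed from the shape of the values).
DUMP_RX = re.compile(
    r"(\d{8})\.(\d{8})\.\d+\.([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})\.[0-9A-Fa-f]{8}\.sdmp$")
# winnt.h memory-protection constants.
PROTECT = {0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
           0x20: "PAGE_EXECUTE_READ", 0x40: "PAGE_EXECUTE_READWRITE"}
# Hosts any .NET binary carrying a Sectigo/Comodo certificate chain, a WS-*
# claims schema and a Bootstrap stylesheet link will contain, whatever it does.
NOISE_HOSTS = {"crl.comodoca.com", "ocsp.comodoca.com", "crt.sectigo.com",
               "ocsp.sectigo.com", "sectigo.com", "schemas.xmlsoap.org",
               "stackpath.bootstrapcdn.com", "127.0.0.1"}
# DER bytes that follow a URL inside a certificate: '0' (0x30 SEQUENCE) plus
# one length byte, as in 'crl04', 'crt0#', 'com0'. Heuristic: a real URL
# ending in <letter>0 would also be trimmed.
DER_TAIL = re.compile(r"(?<=[A-Za-z])0[^A-Za-z]?$")

@dataclass
class Dump:
    proc: int
    stage: int
    base: int
    protect: int
    def describe(self) -> str:
        return f"proc {self.proc} @0x{self.base:08X} {PROTECT.get(self.protect, hex(self.protect))}"

@dataclass
class Row:
    kind: str
    value: str
    dumps: List[Dump] = field(default_factory=list)

def parse_dump(name: str) -> Optional[Dump]:
    m = DUMP_RX.search(name)
    return Dump(int(m[1]), int(m[2]), int(m[3], 16), int(m[4], 16)) if m else None

def parse_rows(text: str) -> List[Row]:
    """Pair each 'Source:' line with the detail line that follows it."""
    rows, pending = [], None
    for line in (l.rstrip(" |").strip() for l in text.splitlines()):
        if line.startswith("Source: "):
            pending = line[len("Source: "):]
        elif pending is not None and ": " in line:
            kind, _, value = line.partition(": ")
            rows.append(Row(kind, value, [d for d in map(parse_dump, pending.split(", ")) if d]))
            pending = None
    return rows

def clean_url(s: str) -> str:
    return DER_TAIL.sub("", s)

def host_of(url: str) -> str:
    return re.sub(r"^https?://", "", url).split("/")[0].split(":")[0]

def triage(rows: List[Row]) -> Tuple[list, list]:
    """Split URL strings into certificate/framework noise and candidates,
    each paired with the memory regions it was found in."""
    noise, candidates = [], []
    for r in rows:
        if r.kind != "String found in binary or memory":
            continue
        url = clean_url(r.value)
        entry = (url, [d.describe() for d in r.dumps])
        (noise if host_of(url) in NOISE_HOSTS else candidates).append(entry)
    return noise, candidates

def rwx_hits(rows: List[Row]) -> List[Tuple[str, str, str]]:
    """Rows found in a region that is both writable and executable: that is
    where an unpacked or injected image lives, so they outrank heap copies."""
    return [(r.kind, r.value, d.describe()) for r in rows for d in r.dumps if d.protect == 0x40]

# Constructed input: a subset of this report's own rows, copied verbatim.
REPORT_ROWS = """\
Source: W9YDH79i8G.exe, 00000007.00000002.497630354.0000000003251000.00000004.00000001.sdmp |
String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: W9YDH79i8G.exe, 00000007.00000002.497630354.0000000003251000.00000004.00000001.sdmp |
String found in binary or memory: http://DynDns.comDynDNS |
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp |
String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04 |
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp |
String found in binary or memory: http://mail.privateemail.com |
Source: W9YDH79i8G.exe, 00000007.00000002.497963649.0000000003314000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.sectigo.com0 |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: W9YDH79i8G.exe, 00000000.00000002.254886399.0000000004412000.00000004.00000001.sdmp, W9YDH79i8G.exe, 00000007.00000002.494321847.0000000000402000.00000040.00000001.sdmp |
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: W9YDH79i8G.exe, 00000007.00000002.494321847.0000000000402000.00000040.00000001.sdmp |
Binary or memory string: OriginalFilenameJUZFLaLNGVPGsrhHohqG.exe4 vs W9YDH79i8G.exe |
"""

if __name__ == "__main__":
    rows = parse_rows(REPORT_ROWS)
    noise, candidates = triage(rows)
    print("noise:", [u for u, _ in noise])
    for url, regions in candidates:
        print("candidate:", url, regions)
    for kind, value, region in rwx_hits(rows):
        print("RWX:", region, kind, value)
```

Run over the rows above, the script leaves three candidates (the DynDNS fragment, mail.privateemail.com and the Tor bundle URL) and reports two strings in the PAGE_EXECUTE_READWRITE region at 0x00402000 of process 7: the Tor URL and the OriginalFilename JUZFLaLNGVPGsrhHohqG.exe. A region just above the usual 0x00400000 image base that is writable, executable and carries a different OriginalFilename than the file on disk is what a replaced in-memory image looks like, so the Tor download logic belongs to that image, while every certificate and Bootstrap URL sits in ordinary read-write heap regions.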
Source: W9YDH79i8G.exe; KcsilHD.exe.0.dr; 0.0.W9YDH79i8G.exe.f00000.0.unpack; 0.2.W9YDH79i8G.exe.f00000.0.unpack; 3.0.W9YDH79i8G.exe.240000.0.unpack; 3.2.W9YDH79i8G.exe.240000.0.unpack; 4.0.W9YDH79i8G.exe.320000.0.unpack; 4.2.W9YDH79i8G.exe.320000.0.unpack; 6.0.W9YDH79i8G.exe.140000.0.unpack; 6.2.W9YDH79i8G.exe.140000.0.unpack; 7.0.W9YDH79i8G.exe.f20000.0.unpack; 7.2.W9YDH79i8G.exe.f20000.1.unpack (each in TCP_Protocol/TypeExt.cs and TCP_Protocol/Packet.cs)
Suspicious method names (the same five in every source above):
System.Object TCP_Protocol.TypeExt::PayloadGet(TCP_Protocol.Packet)
TCP_Protocol.Packet TCP_Protocol.TypeExt::PayloadSet(TCP_Protocol.Packet&,System.Byte[])
System.Boolean TCP_Protocol.TypeExt::PayloadValidate(TCP_Protocol.Packet)
System.Void TCP_Protocol.Packet::set_Payload(System.Byte[])
System.Byte[] TCP_Protocol.Packet::get_Payload()
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: Select * from Clientes WHERE id=@id;;
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); (Portuguese: "Erro ao listar Banco sql-Aluguel" is "Error listing database sql-Aluguel")
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: Select * from SecurityLogonType WHERE id=@id;
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo;
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data);
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor);
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) (Portuguese: "Erro ao listar Banco sql-SecurityLogonType" is "Error listing database sql-SecurityLogonType")
Source: unknown
Process created: C:\Users\user\Desktop\W9YDH79i8G.exe 'C:\Users\user\Desktop\W9YDH79i8G.exe'
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KcsilHD' /XML 'C:\Users\user\AppData\Local\Temp\tmp4276.tmp'
Source: C:\Windows\SysWOW64\schtasks.exe
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Process created: C:\Users\user\Desktop\W9YDH79i8G.exe C:\Users\user\Desktop\W9YDH79i8G.exe
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Process created: C:\Users\user\Desktop\W9YDH79i8G.exe C:\Users\user\Desktop\W9YDH79i8G.exe
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Process created: C:\Users\user\Desktop\W9YDH79i8G.exe C:\Users\user\Desktop\W9YDH79i8G.exe
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Process created: C:\Users\user\Desktop\W9YDH79i8G.exe C:\Users\user\Desktop\W9YDH79i8G.exe
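The scheduled-task registration and the four self-launches above are the two process-creation behaviours a detection would key on: the task is created from an XML in the user's temp directory under a non-Microsoft task folder whose name, 'Updates\KcsilHD', matches the dropped file KcsilHD.exe.0.dr listed earlier, and the sample then starts copies of its own image. The Python rule set below is an added example (not from the report and not the sample's code) run over constructed process-creation events modelled on the command lines above; PIDs and the two benign control events are invented. It matches on the image name rather than the command-line path because, as the report shows, a 32-bit parent gets C:\Windows\SysWOW64\schtasks.exe even though the command line names System32.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # path of the created process
    cmdline: str    # command line as logged

# Directories a scheduled-task definition has no business being imported from.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.I)

def arg_value(flag: str, cmdline: str) -> Optional[str]:
    """Value of a schtasks-style /FLAG argument, honouring single or double quotes."""
    m = re.search(flag + r"\s+(?:\"([^\"]*)\"|'([^']*)'|(\S+))", cmdline, re.I)
    return next((g for g in m.groups() if g is not None), None) if m else None

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def detect(events: List[ProcEvent]) -> List[str]:
    by_pid: Dict[int, ProcEvent] = {e.pid: e for e in events}
    findings: List[str] = []
    self_spawns: Dict[int, int] = {}
    for e in events:
        parent = by_pid.get(e.ppid)
        # Rule 1: task registered from an XML in a temp directory. Match on the
        # image name, not the command line: a 32-bit parent gets
        # C:\Windows\SysWOW64\schtasks.exe even when the command line says System32.
        if basename(e.image) == "schtasks.exe" and re.search(r"/create\b", e.cmdline, re.I):
            xml = arg_value("/XML", e.cmdline)
            if xml and TEMP_DIR.search(xml):
                findings.append(
                    f"pid {e.pid}: schtasks /Create /TN {arg_value('/TN', e.cmdline)} "
                    f"from temp XML {xml}, parent {parent.image if parent else e.ppid}")
        # Rule 2: a process launching copies of its own image, counted per parent.
        if parent and parent.image.lower() == e.image.lower():
            self_spawns[parent.pid] = self_spawns.get(parent.pid, 0) + 1
    for ppid, n in self_spawns.items():
        if n >= 2:
            findings.append(f"pid {ppid}: {by_pid[ppid].image} started {n} copies of itself")
    return findings

# Constructed events (PIDs invented) mirroring the report's process tree, plus
# two benign controls: an admin importing a task XML from Program Files, and a
# tool that starts a single worker copy of itself.
SAMPLE_EVENTS = [
    ProcEvent(1000, 1, r"C:\Users\user\Desktop\W9YDH79i8G.exe", r"'C:\Users\user\Desktop\W9YDH79i8G.exe'"),
    ProcEvent(1010, 1000, r"C:\Windows\SysWOW64\schtasks.exe",
              r"'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\KcsilHD' /XML 'C:\Users\user\AppData\Local\Temp\tmp4276.tmp'"),
    ProcEvent(1011, 1010, r"C:\Windows\System32\conhost.exe", r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(1020, 1000, r"C:\Users\user\Desktop\W9YDH79i8G.exe", r"C:\Users\user\Desktop\W9YDH79i8G.exe"),
    ProcEvent(1021, 1000, r"C:\Users\user\Desktop\W9YDH79i8G.exe", r"C:\Users\user\Desktop\W9YDH79i8G.exe"),
    ProcEvent(1022, 1000, r"C:\Users\user\Desktop\W9YDH79i8G.exe", r"C:\Users\user\Desktop\W9YDH79i8G.exe"),
    ProcEvent(1023, 1000, r"C:\Users\user\Desktop\W9YDH79i8G.exe", r"C:\Users\user\Desktop\W9YDH79i8G.exe"),
    ProcEvent(2000, 1, r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ProcEvent(2001, 2000, r"C:\Windows\System32\schtasks.exe",
              r'schtasks.exe /Create /TN "Backup\Nightly" /XML "C:\Program Files\Backup\nightly.xml"'),
    ProcEvent(3000, 1, r"C:\Program Files\Tool\tool.exe", r"C:\Program Files\Tool\tool.exe"),
    ProcEvent(3001, 3000, r"C:\Program Files\Tool\tool.exe", r"C:\Program Files\Tool\tool.exe --worker"),
]

if __name__ == "__main__":
    for line in detect(SAMPLE_EVENTS):
        print(line)
```

On the constructed events the rules fire twice, once for the temp-XML task and once for the four self-launches, and stay quiet on the Program Files import and the single worker spawn. A single self-spawn is too common in legitimate software to alert on; the count threshold and the temp-directory test are the two knobs to tune against a real baseline.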
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Code function: 0_2_0BCE7025, push FFFFFF8Bh; iretd at 0_2_0BCE7027
Code function: 7_2_014C3850, pushad ; iretd at 7_2_014C3851
Code function: 7_2_0173D550, pushfd ; retf at 7_2_0173D591
Code function: 7_2_0173D500, pushfd ; retf at 7_2_0173D501
Code function: 7_2_0173D468, pushfd ; retf at 7_2_0173D4AD
Code function: 7_2_0173D468, pushfd ; retf at 7_2_0173D4D9
Code function: 7_2_0173D45C, pushfd ; retf at 7_2_0173D461
Code function: 7_2_0173D4F0, pushfd ; retf at 7_2_0173D4F1
Code function: 7_2_0173D4F4, pushfd ; retf at 7_2_0173D4F5
Code function: 7_2_0173D4F8, pushfd ; retf at 7_2_0173D4F9
Code function: 7_2_0173D4E0, pushfd ; retf at 7_2_0173D4E1
Code function: 7_2_0173D4E4, pushfd ; retf at 7_2_0173D4E5
Code function: 7_2_0173D4E8, pushfd ; retf at 7_2_0173D4E9
Code function: 7_2_0173D4EC, pushfd ; retf at 7_2_0173D4ED
Code function: 7_2_0173D4DC, pushfd ; retf at 7_2_0173D4DD
Code function: 7_2_0173D378, pushfd ; retf at 7_2_0173D37D
Code function: 7_2_0173D32C, pushfd ; retf at 7_2_0173D331
Code function: 7_2_0173D3D0, pushfd ; retf at 7_2_0173D415
Code function: 7_2_0173D3C4, pushfd ; retf at 7_2_0173D3C9
Code function: 7_2_0173B39F, push edi; retn 0000h at 7_2_0173B3A1
Code function: 7_2_0173D2E0, pushfd ; retf at 7_2_0173D2E5
Code function: 7_2_0173D294, pushfd ; retf at 7_2_0173D299
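The 'pushfd ; retf' entries above come from static disassembly of process memory, and the spacing of several of them (7_2_0173D4DC, D4E0, D4E4, D4E8, D4EC, D4F0, D4F4, D4F8: one hit every four bytes) is what a table of dwords looks like when a disassembler walks it as code, so not every entry should be read as a deliberate anti-disassembly gadget. The Python scanner below is an added example, not part of the report, that finds the four byte sequences behind these signature names (9C CB, 60 CF, 6A ib CF, 57 C2 00 00) in a dump and reports runs of hits at a constant stride separately from isolated ones. The buffer is constructed to mirror the addresses above; it is not memory from the sample.

```python
import re

# IA-32 encodings of the instruction pairs the report names. A far return or
# interrupt return straight after a push is not something a compiler emits for
# ordinary code, so a hit is either hand-written control-flow trickery or data.
PATTERNS = [
    ("pushfd ; retf",         re.compile(rb"\x9c\xcb", re.DOTALL)),
    ("pushad ; iretd",        re.compile(rb"\x60\xcf", re.DOTALL)),
    ("push imm8 ; iretd",     re.compile(rb"\x6a(.)\xcf", re.DOTALL)),
    ("push edi ; retn 0000h", re.compile(rb"\x57\xc2\x00\x00", re.DOTALL)),
]

def scan(buf: bytes, base: int):
    """Return [(address, text)] for every hit, the address being that of the
    first byte (the push), sorted by address."""
    hits = []
    for name, rx in PATTERNS:
        for m in rx.finditer(buf):
            text = name
            if name == "push imm8 ; iretd":
                # 6A ib sign-extends the byte: 6A 8B is 'push FFFFFF8Bh'.
                imm = m.group(1)[0]
                imm32 = (imm - 0x100 if imm & 0x80 else imm) & 0xFFFFFFFF
                text = f"push {imm32:08X}h ; iretd"
            hits.append((base + m.start(), text))
    return sorted(hits)

def stride_runs(hits, min_run: int = 4):
    """Group hits of one pattern that lie at a constant byte stride.
    Returns [(text, first_address, stride, count)] for runs of min_run or more.
    Such a run is usually a table of dwords whose low bytes happen to be 9C CB,
    not a row of separate pushfd ; retf gadgets."""
    by_text = {}
    for addr, text in hits:
        by_text.setdefault(text, []).append(addr)
    runs = []
    for text, addrs in by_text.items():
        i = 0
        while i < len(addrs) - 1:
            stride = addrs[i + 1] - addrs[i]
            j = i + 1
            while j + 1 < len(addrs) and addrs[j + 1] - addrs[j] == stride:
                j += 1
            if j - i + 1 >= min_run:
                runs.append((text, addrs[i], stride, j - i + 1))
            i = j
    return runs

# Constructed buffer: eight dwords whose low bytes are 9C CB, laid out every
# four bytes from 0173D4DC as in the report, then one stand-alone instance of
# each of the other three sequences separated by NOPs.
SAMPLE_BASE = 0x0173D4DC
SAMPLE = (bytes([0x9C, 0xCB, 0x00, 0x00]) * 8   # dword table, 0173D4DC..0173D4FB
          + b"\x90" * 5
          + bytes([0x6A, 0x8B, 0xCF])            # push FFFFFF8Bh ; iretd
          + b"\x90" * 3
          + bytes([0x60, 0xCF])                  # pushad ; iretd
          + b"\x90" * 2
          + bytes([0x57, 0xC2, 0x00, 0x00]))     # push edi ; retn 0000h

if __name__ == "__main__":
    hits = scan(SAMPLE, SAMPLE_BASE)
    for addr, text in hits:
        print(f"{addr:08X}  {text}")
    for text, start, stride, count in stride_runs(hits):
        print(f"likely data: {count} x '{text}' every {stride} bytes from {start:08X}")
```

On the constructed buffer the scanner reports eleven hits and folds the eight table entries into one "likely data" run, leaving the three isolated sequences as the ones worth opening in a disassembler. When running it on a real dump, feed it the region's base address so the printed addresses line up with the report's.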
Source: C:\Users\user\Desktop\W9YDH79i8G.exe
Process information set: NOOPENFILEERRORBOX (87 identical entries across the W9YDH79i8G.exe processes; this is SetErrorMode with SEM_NOOPENFILEERRORBOX, which stops Windows from showing a dialog when a file the process tries to open cannot be found, so a failed open fails silently instead of blocking on user input)
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Process information set: NOOPENFILEERRORBOX |
Jump to behavior |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: W9YDH79i8G.exe, 00000000.00000002.252742797.0000000003334000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
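The merged entries above ("VMware SVGA II!Add-MpPreference -ExclusionPath "", "InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\", "VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\..." and "vmwareNSYSTEM\ControlSet001\Control\Class\...") are not one string each. The stray character at every join is the length of the string that follows it: '!' is 33, the length of `Add-MpPreference -ExclusionPath "`; '%' is 37, the length of the VMware Tools path; '"' is 34, 'L' is 76, ''' is 39 and 'N' is 78, each matching the registry path after it. That is consistent with a single-byte length prefix such as the 7-bit encoded one .NET's BinaryWriter.Write(string) emits, and the strings that appear on their own ("vmware", "VMWARE", "VMware SVGA II") are the ones short enough for the prefix to be a non-printable byte that the string extractor dropped. The Python below is an added example, not code from the report or from the sample: it rebuilds such a table from the listed strings (constructed input, not the sample's bytes), parses it back into separate strings and tags each as an anti-VM registry lookup or a Defender exclusion. That the sample reads the table with BinaryReader.ReadString or an equivalent is an assumption; the report shows the strings, not the code that reads them, nor which values under those keys are compared (the SCSI Identifier, Disk\Enum\0 and the display adapter DriverDesc are the usual targets for these key paths).

```python
"""Recover individual strings from a 7-bit-length-prefixed string table.

Added example for the 'Binary or memory string' entries in the report; it
is not code from the report or the sample. Assumption: the table is read
with BinaryReader.ReadString or an equivalent routine (7-bit encoded UTF-8
byte length, then the UTF-8 bytes).
"""
import re

# Constructed input: the strings listed in the report, in the order the
# merged entries suggest. These are NOT the sample's actual bytes.
REPORT_STRINGS = [
    "VMware SVGA II",
    'Add-MpPreference -ExclusionPath "',
    "InstallPath",
    "C:\\PROGRAM FILES\\VMWARE\\VMWARE TOOLS\\",
    "VMWARE",
    "SOFTWARE\\VMware, Inc.\\VMware Tools",
    "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 1\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0",
    "HARDWARE\\DEVICEMAP\\Scsi\\Scsi Port 2\\Scsi Bus 0\\Target Id 0\\Logical Unit Id 0",
    "SYSTEM\\ControlSet001\\Services\\Disk\\Enum",
    "vmware",
    "SYSTEM\\ControlSet001\\Control\\Class\\{4D36E968-E325-11CE-BFC1-08002BE10318}\\0000",
]

# Key paths are the ones the report lists; which values are read under them
# is not shown in the report, so the labels describe the path, not the check.
CATEGORIES = [
    ("defender-exclusion", re.compile(r"Add-MpPreference\s+-ExclusionPath", re.I)),
    ("vmware-tools-registry", re.compile(r"SOFTWARE\\VMware, Inc\.", re.I)),
    ("vmware-tools-path", re.compile(r"\\VMWARE\\VMWARE TOOLS\\", re.I)),
    ("scsi-devicemap", re.compile(r"HARDWARE\\DEVICEMAP\\Scsi", re.I)),
    ("disk-enum", re.compile(r"Services\\Disk\\Enum", re.I)),
    ("display-adapter-class", re.compile(r"\{4D36E968-E325-11CE-BFC1-08002BE10318\}", re.I)),
    ("vmware-keyword", re.compile(r"vmware", re.I)),
]


def encode_7bit(n: int) -> bytes:
    """7-bit variable-length integer: low 7 bits first, high bit = continue."""
    out = bytearray()
    while n >= 0x80:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    out.append(n)
    return bytes(out)


def build_table(strings) -> bytes:
    """Serialise strings as BinaryWriter.Write(string) does."""
    blob = bytearray()
    for s in strings:
        data = s.encode("utf-8")
        blob += encode_7bit(len(data)) + data
    return bytes(blob)


def decode_7bit(buf: bytes, pos: int):
    """Return (value, new_pos); reject truncated or over-long (>5 byte) prefixes."""
    value = shift = 0
    while True:
        if pos >= len(buf):
            raise ValueError("truncated length prefix")
        b = buf[pos]
        pos += 1
        value |= (b & 0x7F) << shift
        if not b & 0x80:
            return value, pos
        shift += 7
        if shift > 28:
            raise ValueError("length prefix longer than 5 bytes")


def parse_table(blob: bytes):
    """Split a length-prefixed table back into its strings."""
    strings, pos = [], 0
    while pos < len(blob):
        length, pos = decode_7bit(blob, pos)
        if pos + length > len(blob):
            raise ValueError("string runs past end of table")
        strings.append(blob[pos:pos + length].decode("utf-8"))
        pos += length
    return strings


def classify(s: str) -> str:
    for name, pattern in CATEGORIES:
        if pattern.search(s):
            return name
    return "other"


def triage(blob: bytes):
    """(category, string) for every entry in the table."""
    return [(classify(s), s) for s in parse_table(blob)]


def visible_prefix(s: str):
    """The length byte as a string extractor would show it: a printable
    ASCII character for lengths 32..126, otherwise None (dropped)."""
    n = len(s.encode("utf-8"))
    return chr(n) if 32 <= n <= 126 else None


if __name__ == "__main__":
    table = build_table(REPORT_STRINGS)
    for category, s in triage(table):
        print(f"{visible_prefix(s) or ' '} {category:24} {s}")
```

Run against a real dump, parse_table would be pointed at the offset where the table starts; the ValueError paths are what stop it from walking off the end or treating arbitrary bytes as a multi-gigabyte length.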
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Users\user\Desktop\W9YDH79i8G.exe VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Users\user\Desktop\W9YDH79i8G.exe VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\W9YDH79i8G.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match |
File source: 00000000.00000002.254574303.00000000042F9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.497630354.0000000003251000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.494321847.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.254886399.0000000004412000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.497673320.0000000003286000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000007.00000002.497762134.00000000032B3000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: W9YDH79i8G.exe PID: 5656, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: W9YDH79i8G.exe PID: 6316, type: MEMORY |
Source: Yara match |
File source: 0.2.W9YDH79i8G.exe.4428d80.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.W9YDH79i8G.exe.4428d80.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 7.2.W9YDH79i8G.exe.400000.0.unpack, type: UNPACKEDPE |