Source: d6U17S2KY1.exe, 00000006.00000002.499359389.0000000002E51000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: d6U17S2KY1.exe, 00000006.00000002.499359389.0000000002E51000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: http://checkip.dyndns.org/ |
Source: d6U17S2KY1.exe, 00000006.00000002.501667729.0000000003109000.00000004.00000001.sdmp | String found in binary or memory: http://mail.karsanmax.com |
Source: d6U17S2KY1.exe, 00000006.00000002.499359389.0000000002E51000.00000004.00000001.sdmp | String found in binary or memory: http://omALlu.com |
Source: d6U17S2KY1.exe, 00000000.00000002.249344198.00000000023D1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: http://servermanager.miixit.org/1 |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: http://servermanager.miixit.org/downloads/ |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: http://servermanager.miixit.org/hits/hit_index.php?k= |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: http://servermanager.miixit.org/index_ru.html |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: http://servermanager.miixit.org/index_ru.htmlc |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: http://servermanager.miixit.org/report/reporter_index.php?name= |
Source: d6U17S2KY1.exe, 00000006.00000002.499359389.0000000002E51000.00000004.00000001.sdmp | String found in binary or memory: https://OALTDCqAt3tOO06lu.org |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC |
Source: d6U17S2KY1.exe, 00000000.00000003.236530493.0000000002D1F000.00000004.00000001.sdmp | String found in binary or memory: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=CJU3DBQXBUQPC5http://servermana |
Source: d6U17S2KY1.exe, 00000000.00000002.251253442.0000000003425000.00000004.00000001.sdmp, d6U17S2KY1.exe, 00000006.00000002.489554131.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: d6U17S2KY1.exe, 00000006.00000002.499359389.0000000002E51000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: d6U17S2KY1.exe | Binary or memory string: OriginalFilename vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.261618244.0000000006DC0000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.261618244.0000000006DC0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000000.223573099.0000000000132000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameVarEnum.exeF vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.257106673.0000000004A80000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.249344198.00000000023D1000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameSimpleUI.dll( vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.250414259.00000000028E0000.00000004.00000001.sdmp | Binary or memory string: l,\\StringFileInfo\\000004B0\\OriginalFilename vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.251253442.0000000003425000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameXGPWdGutkdNwhwzxXFILaBvjYzQEPLjNtGbCFpX.exe4 vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.251253442.0000000003425000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.261488112.0000000005B60000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000004.00000002.245356347.00000000003C2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameVarEnum.exeF vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000005.00000000.246120725.0000000000482000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameVarEnum.exeF vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000006.00000002.505734863.00000000063A0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000006.00000002.489554131.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameXGPWdGutkdNwhwzxXFILaBvjYzQEPLjNtGbCFpX.exe4 vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000006.00000002.498963810.0000000001390000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000006.00000002.492268965.0000000000BC2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameVarEnum.exeF vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000006.00000002.498908130.0000000001370000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000006.00000002.498443749.000000000125A000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000006.00000002.492531820.0000000000F68000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe | Binary or memory string: OriginalFilenameVarEnum.exeF vs d6U17S2KY1.exe |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: unknown | Process created: C:\Users\user\Desktop\d6U17S2KY1.exe 'C:\Users\user\Desktop\d6U17S2KY1.exe' |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\aqFBnsYUEqXcSa' /XML 'C:\Users\user\AppData\Local\Temp\tmp401C.tmp' |
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Process created: C:\Users\user\Desktop\d6U17S2KY1.exe C:\Users\user\Desktop\d6U17S2KY1.exe |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 0_2_0011E124 pushad ; ret |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 0_2_00120B4E push esp; iretd |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 0_2_00BA839A pushad ; ret |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 0_2_04BBACAE push 8DFFFFFFh; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 0_2_05757D71 pushfd ; ret |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 0_2_05752E43 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C5C34 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C5436 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C5C22 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C5700 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C5C46 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C56B2 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C4392 push esp; iretd |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C56E8 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C5AEA push ss; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 4_2_003C30C5 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_00485C46 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_00485700 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_00485C22 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_00485C34 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_00485436 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_004830C5 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_004856E8 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_00485AEA push ss; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_00484392 push esp; iretd |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 5_2_004856B2 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 6_2_00BC56B2 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 6_2_00BC4392 push esp; iretd |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 6_2_00BC56E8 push cs; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 6_2_00BC5AEA push ss; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Code function: 6_2_00BC30C5 push ds; retf |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Process information set: NOOPENFILEERRORBOX |
Source: d6U17S2KY1.exe, 00000000.00000002.248996388.000000000074C000.00000004.00000020.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D: |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: d6U17S2KY1.exe, 00000000.00000002.249385166.0000000002410000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: d6U17S2KY1.exe, 00000006.00000002.498803045.0000000001310000.00000004.00000020.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Users\user\Desktop\d6U17S2KY1.exe VolumeInformation |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\d6U17S2KY1.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |