Source: 0.2.e.exe.300000.0.unpack |
Avira: Label: TR/Redcap.jajcu |
Source: 0.0.e.exe.300000.0.unpack |
Avira: Label: TR/Redcap.jajcu |
Source: C:\Users\user\Desktop\e.exe |
DNS query: name: checkip.dyndns.org |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive |
Source: global traffic |
HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org |
Source: e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0 |
Source: e.exe, 00000000.00000003.268225344.0000000005ECA000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/RapidSSLTLSDVRSAMixedSHA25 |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://cacerts.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crt0 |
Source: e.exe, 00000000.00000002.461405433.0000000002661000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org |
Source: e.exe, 00000000.00000002.461405433.0000000002661000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org/ |
Source: e.exe, 00000000.00000002.461405433.0000000002661000.00000004.00000001.sdmp |
String found in binary or memory: http://checkip.dyndns.org/HB |
Source: e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07 |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07 |
Source: e.exe, 00000000.00000003.267801870.00000000009FD000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crl0F |
Source: e.exe, 00000000.00000002.466530897.0000000005EB0000.00000004.00000001.sdmp |
String found in binary or memory: http://crl3.digicert.com/RapidSSLTLU |
Source: e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L |
Source: e.exe, 00000000.00000003.268225344.0000000005ECA000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalR |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl0 |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://crl4.digicert.com/RapidSSLTLSDVRSAMixedSHA2562020CA-1.crl0 |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://kerekesfoto.com |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp, e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0 |
Source: e.exe, 00000000.00000003.267801870.00000000009FD000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0: |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://ocsp.digicert.com0O |
Source: e.exe, 00000000.00000002.461405433.0000000002661000.00000004.00000001.sdmp |
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: http://www.digicert.com/CPS0 |
Source: e.exe, 00000000.00000002.461405433.0000000002661000.00000004.00000001.sdmp |
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=Createutf-8Win32_ComputerSystemModelManufactu |
Source: e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app |
Source: e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/ |
Source: e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/84.17.52.78 |
Source: e.exe, 00000000.00000002.461405433.0000000002661000.00000004.00000001.sdmp |
String found in binary or memory: https://freegeoip.app/xml/LoadTimeZoneCountryNameCountryCodehttps://www.geodatatool.com/en/?ip=/ |
Source: e.exe, 00000000.00000002.461405433.0000000002661000.00000004.00000001.sdmp |
String found in binary or memory: https://i.imgur.com/GJD7Q5y.png195.239.51.11795.26.248.2989.208.29.13389.187.165.4792.118.13.1895.26 |
Source: e.exe, 00000000.00000002.461597614.00000000026C5000.00000004.00000001.sdmp, e.exe, 00000000.00000002.461484579.0000000002694000.00000004.00000001.sdmp |
String found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct |
Source: e.exe, 00000000.00000003.211184805.0000000005EC0000.00000004.00000001.sdmp |
String found in binary or memory: https://wackip.dyndns.org/ |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/CPS0 |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp, e.exe, 00000000.00000002.460128823.000000000095D000.00000004.00000020.sdmp, e.exe, 00000000.00000003.267581392.00000000009BE000.00000004.00000001.sdmp, e.exe, 00000000.00000003.268225344.0000000005ECA000.00000004.00000001.sdmp |
String found in binary or memory: https://www.digicert.com/rpa-ua0 |
Source: e.exe, 00000000.00000002.461597614.00000000026C5000.00000004.00000001.sdmp |
String found in binary or memory: https://www.geodatatool.com/en/?ip= |
Source: e.exe, 00000000.00000002.464390201.00000000029E9000.00000004.00000001.sdmp |
String found in binary or memory: https://www.geodatatool.com/en/?ip=3D84.17.52.78=0D=0A=0D=0ADat= |
Source: e.exe, 00000000.00000002.463257447.0000000002840000.00000004.00000001.sdmp |
String found in binary or memory: https://www.geodatatool.com/en/?ip=84.17.52.78 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_00309417 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_0030AA51 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_003093F5 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_003093EC |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024FF0F0 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024FD0B0 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024F057F |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024FD980 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024FCD68 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024F1039 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024F1550 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_024F89E7 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_06108A38 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_061039D8 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_06127724 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_0612C050 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_0612B198 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_0612771B |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_06125750 |
Source: C:\Users\user\Desktop\e.exe |
Code function: 0_2_06125740 |
Source: e.exe |
Binary or memory string: OriginalFilename vs e.exe |
Source: e.exe, 00000000.00000002.466258517.0000000005900000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenameKernelbase.dll.muij% vs e.exe |
Source: e.exe, 00000000.00000000.191074513.0000000000302000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameVNXT.exe* vs e.exe |
Source: e.exe, 00000000.00000002.459384599.0000000000735000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameUNKNOWN_FILET vs e.exe |
Source: e.exe |
Binary or memory string: OriginalFilenameVNXT.exe* vs e.exe |
Source: C:\Users\user\Desktop\e.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: Yara match |
File source: e.exe, type: SAMPLE |
Source: Yara match |
File source: 00000000.00000000.191074513.0000000000302000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.458925410.0000000000302000.00000002.00020000.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: e.exe PID: 6132, type: MEMORY |
Source: Yara match |
File source: 0.0.e.exe.3224d4.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.e.exe.3224d4.1.raw.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.0.e.exe.300000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.e.exe.300000.0.unpack, type: UNPACKEDPE |
Source: C:\Users\user\Desktop\e.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -18446744073709540s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -100000s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 6100 |
Thread sleep count: 533 > 30 |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99844s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 6100 |
Thread sleep count: 9309 > 30 |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99734s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99625s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99516s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99406s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99297s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99187s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99078s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98969s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98859s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98750s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98641s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98531s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98422s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98312s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98203s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98094s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97984s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97875s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97766s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97656s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97547s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97437s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97328s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97219s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97109s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97000s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -96891s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -96781s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -96672s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99906s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99797s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99688s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99547s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99391s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99281s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99172s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -99063s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98813s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98703s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98594s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98485s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98344s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -98235s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97672s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97563s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97438s >= -30000s |
Source: C:\Users\user\Desktop\e.exe TID: 2540 |
Thread sleep time: -97297s >= -30000s |
Source: C:\Users\user\Desktop\e.exe |
WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 922337203685477 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 100000 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99844 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99734 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99625 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99516 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99406 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99297 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99187 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99078 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98969 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98859 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98750 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98641 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98531 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98422 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98312 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98203 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98094 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97984 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97875 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97766 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97656 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97547 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97437 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97328 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97219 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97109 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97000 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 96891 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 96781 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 96672 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99906 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99797 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99688 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99547 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99391 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99281 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99172 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 99063 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98813 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98703 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98594 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98485 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98344 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 98235 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97672 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97563 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97438 |
Source: C:\Users\user\Desktop\e.exe |
Thread delayed: delay time: 97297 |
Source: e.exe, 00000000.00000002.460369590.00000000009F0000.00000004.00000020.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllame= |
Source: e.exe, 00000000.00000002.466258517.0000000005900000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: e.exe, 00000000.00000002.466258517.0000000005900000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: e.exe, 00000000.00000002.466258517.0000000005900000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: e.exe, 00000000.00000002.466258517.0000000005900000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: e.exe, 00000000.00000002.460950911.00000000010A0000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
Source: e.exe, 00000000.00000002.460950911.00000000010A0000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: e.exe, 00000000.00000002.460950911.00000000010A0000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: e.exe, 00000000.00000002.460950911.00000000010A0000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\e.exe |
Queries volume information: C:\Users\user\Desktop\e.exe VolumeInformation |
Source: C:\Users\user\Desktop\e.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\e.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\e.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Users\user\Desktop\e.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation |
Source: C:\Users\user\Desktop\e.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\e.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |