Source: oRSxZhDFLi.exe, 00000004.00000002.911434971.0000000002B71000.00000004.00000001.sdmp | String found in binary or memory: http://127.0.0.1:HTTP/1.1 |
Source: oRSxZhDFLi.exe, 00000004.00000002.911434971.0000000002B71000.00000004.00000001.sdmp | String found in binary or memory: http://DynDns.comDynDNS |
Source: oRSxZhDFLi.exe, 00000004.00000002.911434971.0000000002B71000.00000004.00000001.sdmp | String found in binary or memory: http://ExIqrm.com |
Source: oRSxZhDFLi.exe, 00000000.00000002.656056686.0000000002DD1000.00000004.00000001.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name |
Source: oRSxZhDFLi.exe, 00000004.00000002.911846028.0000000002ED3000.00000004.00000001.sdmp | String found in binary or memory: http://us2.smtp.mailhostbox.com |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css |
Source: oRSxZhDFLi.exe, 00000004.00000002.911434971.0000000002B71000.00000004.00000001.sdmp | String found in binary or memory: https://wqGvK2327FKwC19SZB.net |
Source: oRSxZhDFLi.exe, 00000000.00000002.656741610.0000000003DD9000.00000004.00000001.sdmp, oRSxZhDFLi.exe, 00000004.00000000.652461576.0000000000402000.00000040.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip |
Source: oRSxZhDFLi.exe, 00000004.00000002.911434971.0000000002B71000.00000004.00000001.sdmp | String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 0_2_0088B7D5 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 0_2_0106C2B0 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 0_2_01069990 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 0_2_02C8152D |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 0_2_0088C915 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 3_2_003DB7D5 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 3_2_003DC915 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_007EB7D5 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E8088 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E2100 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009EBA18 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009EBBCC |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E3710 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E6750 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E4D30 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E86B0 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E53B8 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_009E7370 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_00D12D50 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_00D1E958 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_00D12618 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_00D11FF0 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_00D19DB8 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_0117B618 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_011765E0 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_029746A0 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_02974690 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_0297DA00 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_055A7540 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_055A6C70 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_007EC915 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Code function: 4_2_055A2548 |
Source: oRSxZhDFLi.exe | Binary or memory string: OriginalFilename vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000000.00000002.660692383.0000000005EB0000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDSASignature.dll@ vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000000.00000002.653618049.0000000000882000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameFileAssociationEntry.exeH vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000000.00000002.656741610.0000000003DD9000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameKygo.dll* vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000000.00000002.656741610.0000000003DD9000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameDzzZNTCCkshjIwupINRxlEJFvlTv.exe4 vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000003.00000000.650660389.00000000003D2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameFileAssociationEntry.exeH vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000004.00000002.909217066.0000000000CF8000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000004.00000002.908840907.00000000007E2000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameFileAssociationEntry.exeH vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000004.00000002.908767191.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilenameDzzZNTCCkshjIwupINRxlEJFvlTv.exe4 vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000004.00000002.910696092.00000000010C0000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000004.00000002.909383387.0000000000D30000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamewshom.ocx.mui vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe | Binary or memory string: OriginalFilenameFileAssociationEntry.exeH vs oRSxZhDFLi.exe |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Process information set: NOOPENFILEERRORBOX |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: vmware |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: VMWARE |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: VMware SVGA II |
Source: oRSxZhDFLi.exe, 00000000.00000002.656155190.0000000002E12000.00000004.00000001.sdmp | Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Users\user\Desktop\oRSxZhDFLi.exe VolumeInformation |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Users\user\Desktop\oRSxZhDFLi.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: Yara match | File source: 00000004.00000000.652461576.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.908767191.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000000.00000002.656741610.0000000003DD9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: 00000004.00000002.911434971.0000000002B71000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match | File source: Process Memory Space: oRSxZhDFLi.exe PID: 7040, type: MEMORY |
Source: Yara match | File source: Process Memory Space: oRSxZhDFLi.exe PID: 2804, type: MEMORY |
Source: Yara match | File source: 4.2.oRSxZhDFLi.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.oRSxZhDFLi.exe.3e98430.2.raw.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.oRSxZhDFLi.exe.3e98430.2.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 4.0.oRSxZhDFLi.exe.400000.1.unpack, type: UNPACKEDPE |
Source: Yara match | File source: 0.2.oRSxZhDFLi.exe.3dd9930.1.raw.unpack, type: UNPACKEDPE |