Source: RegSvcs.exe, 00000004.00000002.467290309.0000000002E61000.00000004.00000001.sdmp
String found in binary or memory: ftp://files.000webhost.com/zincocomputer147STORLengthWriteCloseGetBytesOpera
Source: RegSvcs.exe, 00000004.00000002.467290309.0000000002E61000.00000004.00000001.sdmp
String found in binary or memory: http://127.0.0.1:HTTP/1.1
Source: RegSvcs.exe, 00000004.00000002.467290309.0000000002E61000.00000004.00000001.sdmp
String found in binary or memory: http://CqZTYA.com
Source: RegSvcs.exe, 00000004.00000002.467290309.0000000002E61000.00000004.00000001.sdmp
String found in binary or memory: http://DynDns.comDynDNS
Source: RegSvcs.exe, 00000004.00000002.468629357.000000000308F000.00000004.00000001.sdmp
String found in binary or memory: http://JC95xwwqEnXy3nGe.net
Source: RegSvcs.exe, 00000004.00000002.468629357.000000000308F000.00000004.00000001.sdmp
String found in binary or memory: http://JC95xwwqEnXy3nGe.netL
Source: RegSvcs.exe, 00000004.00000002.469009805.0000000003111000.00000004.00000001.sdmp
String found in binary or memory: http://files.000webhost.com
Source: Following abusive email letter .exe, 00000000.00000002.211148958.00000000030C1000.00000004.00000001.sdmp, RegSvcs.exe, 00000004.00000002.468959194.0000000003103000.00000004.00000001.sdmp
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RegSvcs.exe, 00000004.00000002.469009805.0000000003111000.00000004.00000001.sdmp
String found in binary or memory: http://us-east-1.route-1000.000webhost.awex.io
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp
String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css
Source: Following abusive email letter .exe, 00000000.00000002.211544150.00000000040C9000.00000004.00000001.sdmp, RegSvcs.exe, 00000004.00000002.464217016.0000000000402000.00000040.00000001.sdmp
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
Source: RegSvcs.exe, 00000004.00000002.467290309.0000000002E61000.00000004.00000001.sdmp
String found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
Source: Following abusive email letter .exe, 00000000.00000002.215243237.000000000C230000.00000002.00000001.sdmp |
Binary or memory string: originalfilename vs Following abusive email letter .exe |
Source: Following abusive email letter .exe, 00000000.00000002.215243237.000000000C230000.00000002.00000001.sdmp |
Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Following abusive email letter .exe |
Source: Following abusive email letter .exe, 00000000.00000002.211544150.00000000040C9000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameKygo.dll* vs Following abusive email letter .exe |
Source: Following abusive email letter .exe, 00000000.00000002.211544150.00000000040C9000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameTGqXBSLBNqFAlVDcDrdeyUgg.exe4 vs Following abusive email letter .exe |
Source: Following abusive email letter .exe, 00000000.00000002.211544150.00000000040C9000.00000004.00000001.sdmp |
Binary or memory string: OriginalFilenameDSASignature.dll@ vs Following abusive email letter .exe |
Source: Following abusive email letter .exe, 00000000.00000002.214907946.000000000C130000.00000002.00000001.sdmp |
Binary or memory string: System.OriginalFileName vs Following abusive email letter .exe |
Source: Following abusive email letter .exe, 00000000.00000000.199906618.0000000000B50000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOpenExistingResult.exe< vs Following abusive email letter .exe |
Source: Following abusive email letter .exe |
Binary or memory string: OriginalFilenameOpenExistingResult.exe< vs Following abusive email letter .exe |
Source: Following abusive email letter .exe, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: VUGIHQGciwlxDd.exe.0.dr, vJiGl01UUJfXfNWas3/DyyVDbaRvM1YfIq9il.cs |
Cryptographic APIs: 'CreateDecryptor' |
Source: 4.0.RegSvcs.exe.400000.0.unpack, A/b2.cs |
Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor' |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: Select * from Clientes WHERE id=@id;; |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: Select * from Aluguel Erro ao listar Banco sql-Aluguel.INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE id=@id; |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType WHERE modelo=@modelo; |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade); |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone); |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO Aluguel VALUES(@clienteID, @data); |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: INSERT INTO SecurityLogonType VALUES(@modelo, @fabricante, @ano, @cor); |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: Select * from SecurityLogonType*Erro ao listar Banco sql-SecurityLogonType,Select * from SecurityLogonType WHERE id=@id;Select * from SecurityLogonType WHERE (modelo LIKE @modelo) |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Code function: 0_2_00A75DCB pushfd ; retf |
0_2_00A75ED9 |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Code function: 0_2_016CE8F0 pushfd ; ret |
0_2_016CE8F1 |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Code function: 0_2_02E132F0 push 840617CBh; retf |
0_2_02E13701 |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Code function: 0_2_05A36DE6 push esi; ret |
0_2_05A36DE7 |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Code function: 0_2_05A37790 push esp; iretd |
0_2_05A37792 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_00BCC4E0 pushfd ; iretd |
4_2_00BCCA66 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_00BC2768 pushfd ; iretd |
4_2_00BC2B86 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_00BC7A37 push edi; retn 0000h |
4_2_00BC7A39 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_00BC1E58 pushfd ; iretd |
4_2_00BC1E66 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_00BC2B78 pushfd ; iretd |
4_2_00BC2B86 |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Code function: 4_2_010B451C push ss; iretd |
4_2_010B4526 |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Process information set: NOOPENFILEERRORBOX |
Source: RegSvcs.exe, 00000004.00000002.472242636.0000000005EA0000.00000002.00000001.sdmp |
Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed. |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: vmware |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II!Add-MpPreference -ExclusionPath " |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: VMWARE |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\ |
Source: RegSvcs.exe, 00000004.00000002.472242636.0000000005EA0000.00000002.00000001.sdmp |
Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service. |
Source: RegSvcs.exe, 00000004.00000002.472242636.0000000005EA0000.00000002.00000001.sdmp |
Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported. |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: VMware SVGA II |
Source: Following abusive email letter .exe, 00000000.00000002.211185227.00000000030FF000.00000004.00000001.sdmp |
Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000 |
Source: RegSvcs.exe, 00000004.00000002.472641648.0000000005FBA000.00000004.00000001.sdmp |
Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll |
Source: RegSvcs.exe, 00000004.00000002.472242636.0000000005EA0000.00000002.00000001.sdmp |
Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service. |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Queries volume information: C:\Users\user\Desktop\Following abusive email letter .exe VolumeInformation |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: C:\Users\user\Desktop\Following abusive email letter .exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation |
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe |
Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation |
Source: Yara match |
File source: 00000004.00000002.464217016.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000000.209849248.0000000000402000.00000040.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000000.00000002.211544150.00000000040C9000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: 00000004.00000002.468629357.000000000308F000.00000004.00000001.sdmp, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: RegSvcs.exe PID: 3352, type: MEMORY |
Source: Yara match |
File source: Process Memory Space: Following abusive email letter .exe PID: 3888, type: MEMORY |
Source: Yara match |
File source: 4.0.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Following abusive email letter .exe.4183028.2.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 4.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE |
Source: Yara match |
File source: 0.2.Following abusive email letter .exe.4183028.2.raw.unpack, type: UNPACKEDPE |