Source: 00000000.00000002.738009135.0000000002100000.00000040.00000001.sdmp |
Malware Configuration Extractor: GuLoader {"Payload URL": "https://andreameixueiro.com/TODAY_tRiyv97.bin"} |
Source: Order-078CNLTD.exe |
Virustotal: Detection: 70% |
Source: Order-078CNLTD.exe |
Metadefender: Detection: 25% |
Source: Order-078CNLTD.exe |
ReversingLabs: Detection: 86% |
Source: Order-078CNLTD.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: Malware configuration extractor |
URLs: https://andreameixueiro.com/TODAY_tRiyv97.bin |
Source: initial sample |
Icon embedded in PE file: bad icon match: 20047c7c70f0e004 |
Source: initial sample |
Static PE information: Filename: Order-078CNLTD.exe |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Process Stats: CPU usage > 98% |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02103179 NtAllocateVirtualMemory |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105DA2 NtProtectVirtualMemory |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02106A9E |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021018ED |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105633 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102637 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210263B |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210263F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102653 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102657 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210265B |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210265F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102643 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102647 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210264B |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02106E4E |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210264F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102673 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102663 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102667 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210266E |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021026AE |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056D9 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056DB |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056DF |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056F3 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056F7 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056FB |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056FF |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056E3 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056E7 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056EB |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021056EF |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105713 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105703 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105707 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210570E |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210574E |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02104C4F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02104CC0 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02104D1A |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210155C |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021015D4 |
Source: Order-078CNLTD.exe |
Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST |
Source: Order-078CNLTD.exe, 00000000.00000000.211129834.0000000000447000.00000002.00020000.sdmp |
Binary or memory string: OriginalFilenameOneiro.exe vs Order-078CNLTD.exe |
Source: Order-078CNLTD.exe |
Binary or memory string: OriginalFilenameOneiro.exe vs Order-078CNLTD.exe |
Source: Order-078CNLTD.exe |
Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED |
Source: classification engine |
Classification label: mal96.rans.troj.evad.winEXE@1/0@0/0 |
Source: Order-078CNLTD.exe |
Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Section loaded: C:\Windows\SysWOW64\msvbvm60.dll |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Source: Yara match |
File source: 00000000.00000002.738009135.0000000002100000.00000040.00000001.sdmp, type: MEMORY |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00401260 pushfd ; retf 0042h |
0_2_00401261 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0041C42A push ss; ret |
0_2_0041C431 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0041A4EE push edi; iretd |
0_2_0041A4EF |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00419E84 push cs; ret |
0_2_00419E85 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0041A372 pushad ; ret |
0_2_0041A379 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0041C12C push ds; ret |
0_2_0041C131 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0041B998 push 8DED9D04h; retf |
0_2_0041B99D |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_005424F3 push edx; ret |
0_2_00542521 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00541054 push edx; ret |
0_2_00541081 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00542854 push edx; ret |
0_2_00542881 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00544054 push edx; ret |
0_2_00544081 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00545854 push edx; ret |
0_2_00545881 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00547054 push edx; ret |
0_2_00547081 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00546844 push edx; ret |
0_2_00546871 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00540843 push edx; ret |
0_2_00540871 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00542043 push edx; ret |
0_2_00542071 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00543843 push edx; ret |
0_2_00543871 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00545043 push edx; ret |
0_2_00545071 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00542074 push edx; ret |
0_2_005420A1 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00543874 push edx; ret |
0_2_005438A1 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00545074 push edx; ret |
0_2_005450A1 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00546875 push edx; ret |
0_2_005468A1 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00540878 push edx; ret |
0_2_005408A1 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00546065 push edx; ret |
0_2_00546091 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00543063 push edx; ret |
0_2_00543091 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00541863 push edx; ret |
0_2_00541891 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00544863 push edx; ret |
0_2_00544891 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00540068 push edx; ret |
0_2_00540091 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00546814 push edx; ret |
0_2_00546841 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00543813 push edx; ret |
0_2_00543841 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_00542013 push edx; ret |
0_2_00542041 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Process information set: NOOPENFILEERRORBOX |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02106A9E |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021028E8 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021028EB |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021018ED |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021028EF |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102913 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102917 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210291B |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210291F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210290F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102923 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210512B |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105153 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105157 |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210515B |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210515F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_0210514F |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
RDTSC instruction interceptor: First address: 0000000002105246 second address: 0000000002105246 instructions: |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
RDTSC instruction interceptor: First address: 00000000021052BC second address: 00000000021052BC instructions: |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
RDTSC instruction interceptor: First address: 00000000021053D3 second address: 00000000021053D3 instructions: |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
RDTSC instruction interceptor: First address: 0000000002105066 second address: 0000000002105100 instructions: |
    0x00000000 rdtsc
    0x00000002 mov eax, 00000001h
    0x00000007 cpuid
    0x00000009 popad
    0x0000000a cmp cx, AD9Ah
    0x0000000f xor edi, edi
    0x00000011 mov dword ptr [ebp+000000F8h], 00A95F60h
    0x0000001b call 00007F0FCD0B577Ch
    0x00000020 call 00007F0FCD0B577Fh
    0x00000025 lfence
    0x00000028 mov edx, 7FFEFDDCh
    0x0000002d add edx, FFFFB1D9h
    0x00000033 sub edx, 0000CDF5h
    0x00000039 add edx, 00001E54h
    0x0000003f mov edx, dword ptr [edx]
    0x00000041 lfence
    0x00000044 cmp ecx, ebx
    0x00000046 cmp ecx, ecx
    0x00000048 pushad
    0x00000049 rdtsc
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
RDTSC instruction interceptor: First address: 0000000002105100 second address: 00000000021050B5 instructions: |
    0x00000000 rdtsc
    0x00000002 mov eax, 00000001h
    0x00000007 cpuid
    0x00000009 popad
    0x0000000a cmp cx, 9ED2h
    0x0000000f ret
    0x00000010 mov esi, edx
    0x00000012 pushad
    0x00000013 rdtsc
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02101202 rdtsc |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Process Stats: CPU usage > 90% for more than 60s |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02104A24 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102006 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_021018ED mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02104E30 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02105633 mov eax, dword ptr fs:[00000030h] |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02102E68 mov eax, dword ptr fs:[00000030h] |
Source: Order-078CNLTD.exe, 00000000.00000002.737431739.0000000000C90000.00000002.00000001.sdmp |
Binary or memory string: Program Manager |
Source: Order-078CNLTD.exe, 00000000.00000002.737431739.0000000000C90000.00000002.00000001.sdmp |
Binary or memory string: Shell_TrayWnd |
Source: Order-078CNLTD.exe, 00000000.00000002.737431739.0000000000C90000.00000002.00000001.sdmp |
Binary or memory string: Progman |
Source: Order-078CNLTD.exe, 00000000.00000002.737431739.0000000000C90000.00000002.00000001.sdmp |
Binary or memory string: Progmanlock |
Source: C:\Users\user\Desktop\Order-078CNLTD.exe |
Code function: 0_2_02103A54 cpuid |